Windows Analysis Report
BraveBrowserSetup-BRV010.exe

Overview

General Information

Sample name: BraveBrowserSetup-BRV010.exe
Analysis ID: 1410747
MD5: e3e7498c2436a1570109fbe755af1d40
SHA1: d7fb79f465d2c87ef22088327b5bfb73899fdf7e
SHA256: 498e27ed4e5bb584672992f459c0e51cd1e7345889dff1521ccf577b13ed6313

Detection

Score: 51
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 47
Range: 0 - 100

Signatures

Benign windows process drops PE files
Creates an undocumented autostart registry key
Downloads suspicious files via Chrome
Found evasive API chain (may stop execution after checking volume information)
Found evasive API chain checking for user administrative privileges
Maps a DLL or memory area into another process
Changes image file execution options
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Disables exception chain validation (SEHOP)
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after accessing registry keys)
Found evasive API chain (may stop execution after checking a module file name)
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Potential browser exploit detected (process start blacklist hit)
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Use Short Name Path in Command Line
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • BraveBrowserSetup-BRV010.exe (PID: 6340 cmdline: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe MD5: E3E7498C2436A1570109FBE755AF1D40)
    • BraveUpdate.exe (PID: 6500 cmdline: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
      • BraveUpdate.exe (PID: 2228 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
      • BraveUpdate.exe (PID: 6356 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
        • BraveUpdateComRegisterShell64.exe (PID: 1800 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe" MD5: F2CA542F38E6B51EDB9790369117F54A)
        • BraveUpdateComRegisterShell64.exe (PID: 3260 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe" MD5: F2CA542F38E6B51EDB9790369117F54A)
        • BraveUpdateComRegisterShell64.exe (PID: 5308 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe" MD5: F2CA542F38E6B51EDB9790369117F54A)
      • BraveUpdate.exe (PID: 6596 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping 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-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIzNTQ3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
      • BraveUpdate.exe (PID: 5776 cmdline: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{56398D92-CFA9-462D-88F8-E214E10A2DA1} MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
      • BraveUpdate.exe (PID: 2228 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
        • brave_installer-x64.exe (PID: 8572 cmdline: C:\Program Files (x86)\BraveSoftware\Update\Install\{4F196A2A-B4D3-469B-B59C-F68107B39DD0}\brave_installer-x64.exe" --do-not-launch-chrome /installerdata="C:\Windows\TEMP\gui8936.tmp MD5: 40976C35E6CA27871F134A8A2FCAFC21)
      • BraveUpdateOnDemand.exe (PID: 6596 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe" -Embedding MD5: 088EBFFD13539DBEF1204243C3558999)
        • BraveUpdate.exe (PID: 5852 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
          • iexplore.exe (PID: 7212 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" MD5: CFE2E6942AC1B72981B3105E22D3224E)
            • iexplore.exe (PID: 7280 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7212 CREDAT:9474 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)
              • ie_to_edge_stub.exe (PID: 7364 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=20440 MD5: 89CF8972D683795DAB6901BC9456675D)
              • ssvagent.exe (PID: 7420 cmdline: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new MD5: F9A898A606E7F5A1CD7CFFA8079253A0)
            • ie_to_edge_stub.exe (PID: 7376 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=20440 MD5: 89CF8972D683795DAB6901BC9456675D)
              • msedge.exe (PID: 7452 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=20440 MD5: 69222B8101B0601CC6663F8381E7E00F)
                • msedge.exe (PID: 7684 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2020,i,10732780522710542264,14033713983186495239,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
                • msedge.exe (PID: 8384 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6052 --field-trial-handle=2020,i,10732780522710542264,14033713983186495239,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
                • identity_helper.exe (PID: 352 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=4236 --field-trial-handle=2020,i,10732780522710542264,14033713983186495239,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
                • identity_helper.exe (PID: 8824 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=4236 --field-trial-handle=2020,i,10732780522710542264,14033713983186495239,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
            • ssvagent.exe (PID: 7428 cmdline: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new MD5: F9A898A606E7F5A1CD7CFFA8079253A0)
            • iexplore.exe (PID: 8628 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7212 CREDAT:75012 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)
              • ssvagent.exe (PID: 8724 cmdline: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new MD5: F9A898A606E7F5A1CD7CFFA8079253A0)
            • ssvagent.exe (PID: 8732 cmdline: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new MD5: F9A898A606E7F5A1CD7CFFA8079253A0)
            • iexplore.exe (PID: 9096 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7212 CREDAT:75018 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)
            • iexplore.exe (PID: 8528 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7212 CREDAT:1250584 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)
            • iexplore.exe (PID: 6660 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7212 CREDAT:9482 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)
  • BraveUpdate.exe (PID: 2004 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /c MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
  • BraveUpdate.exe (PID: 4280 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource scheduler MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
    • BraveUpdate.exe (PID: 3632 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /uninstall MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
  • svchost.exe (PID: 6644 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • BraveUpdateOnDemand.exe (PID: 8300 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe" -Embedding MD5: 088EBFFD13539DBEF1204243C3558999)
    • BraveUpdate.exe (PID: 8356 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
      • iexplore.exe (PID: 8536 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" MD5: CFE2E6942AC1B72981B3105E22D3224E)
  • BraveUpdateOnDemand.exe (PID: 8984 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe" -Embedding MD5: 088EBFFD13539DBEF1204243C3558999)
    • BraveUpdate.exe (PID: 9004 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
      • iexplore.exe (PID: 9056 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" MD5: CFE2E6942AC1B72981B3105E22D3224E)
  • BraveUpdateOnDemand.exe (PID: 8588 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe" -Embedding MD5: 088EBFFD13539DBEF1204243C3558999)
    • BraveUpdate.exe (PID: 8580 cmdline: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand MD5: 7ACF578621988C8B80F4D7EF7A12B89F)
      • iexplore.exe (PID: 8792 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" MD5: CFE2E6942AC1B72981B3105E22D3224E)
  • msedge.exe (PID: 5356 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7988 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=2000,i,3705036646907235618,15177434978570065286,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started; Author: frack113, Nasreddine Bencherchali; Data: Command: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, CommandLine: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, CommandLine|base64offset|contains: w, Image: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, NewProcessName: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, OriginalFileName: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, ParentCommandLine: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7212 CREDAT:9474 /prefetch:2, ParentImage: C:\Program Files (x86)\Internet Explorer\iexplore.exe, ParentProcessId: 7280, ParentProcessName: iexplore.exe, ProcessCommandLine: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, ProcessId: 7420, ProcessName: ssvagent.exe
Source: Registry Key set; Author: frack113; Data: Details: 1, EventID: 13, EventType: SetValue, Image: C:\Program Files\Internet Explorer\iexplore.exe, ProcessId: 7212, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe
Source: Process started; Author: vburov; Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6644, ProcessName: svchost.exe
No Snort rule has matched

Compliance

Source: BraveBrowserSetup-BRV010.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: BraveBrowserSetup-BRV010.exe; Static PE information: certificate valid
Source: BraveBrowserSetup-BRV010.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: BraveCrashHandlerArm64_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1656195976.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1656398835.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: BraveCrashHandler64_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: BraveUpdateCore_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1655708094.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdateCore.exe.1.dr, GUTCC5F.tmp.0.dr
Source: Binary string: BraveCrashHandler_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1655911803.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveCrashHandler.exe.0.dr, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_sw.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002B10000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000003309000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1665213225.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1665213225.000000000154C000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: BraveCrashHandler64_unsigned.pdb~ source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_it.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.00000000031EE000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000029F4000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1661208496.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1661208496.000000000154C000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_pt-PT.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.00000000032AA000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002AB1000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1663845769.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1663845769.000000000154C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_pt-PT.dll.1.dr, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_vi.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002B6F000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.0000000002B52000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1666344529.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1666344529.000000000154C000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_bn.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000028B9000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000028D6000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1657595345.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1657595345.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr, goopdateres_bn.dll.0.dr
Source: Binary string: BraveUpdateBroker_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1669407367.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1669140807.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1669354521.000000000154D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdateBroker.exe.1.dr, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_sv.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.0000000002AE5000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002B02000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1665062269.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1665062269.000000000154C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_sv.dll.1.dr, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_ja.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002A10000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000003209000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1661537646.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1661537646.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr, goopdateres_ja.dll.0.dr
Source: Binary string: goopdateres_unsigned_es.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002944000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.000000000313E000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1658870479.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1658870479.000000000153D000.00000004.00000020.00020000.00000000.sdmp, goopdateres_es.dll.0.dr, GUTCC5F.tmp.0.dr
Source: Binary string: psmachine_unsigned_64.pdbG source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: BraveUpdateCore_unsigned.pdbW source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1655708094.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdateCore.exe.1.dr, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_is.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000029CA000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000029E7000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1661058482.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1661058482.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr, goopdateres_is.dll.0.dr
Source: Binary string: goopdateres_unsigned_fr.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002995000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.000000000318F000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1659693366.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1659693366.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_ro.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002ABE000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.00000000032B8000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1664065282.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1664065282.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_uk.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002B54000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.0000000002B37000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1666032243.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1666032243.000000000154C000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_ca.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000028E4000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.00000000030DE000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1657744169.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1657744169.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: psmachine_unsigned_arm64.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, psmachine_arm64.dll.1.dr, psmachine_arm64.dll.0.dr, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_nl.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.0000000002A5D000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002A7B000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1662729138.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1662729138.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_ko.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.0000000002A0C000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002A29000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1661858792.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1661858792.000000000153D000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ko.dll.1.dr, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_et.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000003159000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.000000000295F000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1659150513.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1659150513.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_no.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002A88000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.0000000002A6B000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1662992849.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1662992849.000000000154C000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr, goopdateres_no.dll.0.dr
Source: Binary string: goopdateres_unsigned_te.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000003325000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002B2B000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1665526934.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1665526934.000000000154C000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr, goopdateres_te.dll.1.dr
Source: Binary string: goopdateres_unsigned_ur.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.0000000002B44000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002B62000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1666189346.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1666189346.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr, goopdateres_ur.dll.0.dr
Source: Binary string: BraveUpdateComRegisterShellArm64_unsigned.pdbW source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1656863389.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1656697381.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_iw.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002A02000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.00000000031FC000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1661381133.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1661381133.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr, goopdateres_iw.dll.0.dr
Source: Binary string: goopdateres_unsigned_fil.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000003181000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002987000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1659559118.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1659559118.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_pl.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.000000000328F000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002A96000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1663362929.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1663362929.000000000154C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_pl.dll.1.dr, GUTCC5F.tmp.0.dr
Source: Binary string: goopdate_unsigned.pdbz source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1655460731.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_en-GB.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.0000000002919000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002936000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1658731216.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1658731216.000000000154C000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_fi.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.000000000297A000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000003174000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1659421316.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1659421316.000000000154C000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_sk.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.00000000032D3000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002ADA000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1664606415.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1664606415.000000000154C000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: psuser_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1666726202.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_ml.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002A51000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.000000000324B000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1662294289.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1662294289.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: BraveUpdateOnDemand_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1669678827.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1669484102.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1669630831.000000000154D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdateOnDemand.exe, 0000000E.00000002.1749004785.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp, BraveUpdateOnDemand.exe, 0000000E.00000000.1748269937.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp, BraveUpdateOnDemand.exe, 0000001A.00000002.1845302743.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp, BraveUpdateOnDemand.exe, 0000001A.00000000.1834627508.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp, BraveUpdateOnDemand.exe, 00000022.00000000.1900040663.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp, BraveUpdateOnDemand.exe, 00000022.00000002.1911214505.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp, BraveUpdateOnDemand.exe, 00000029.00000002.2002014854.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp, BraveUpdateOnDemand.exe, 00000029.00000000.1992898982.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_hu.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000029AF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000029CC000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1660273091.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1660273091.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_en.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000003122000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002929000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1658587830.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1658587830.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000002.2392022591.00000000030D0000.00000002.00000001.00040000.0000001C.sdmp, BraveUpdate.exe, 00000002.00000002.1674096233.0000000001290000.00000002.00000001.00040000.00000009.sdmp, BraveUpdate.exe, 00000006.00000002.1684385354.0000000001390000.00000002.00000001.00040000.00000009.sdmp, BraveUpdate.exe, 0000000B.00000002.2385107915.0000000000EB0000.00000002.00000001.00040000.00000009.sdmp, BraveUpdate.exe, 0000000C.00000002.2435463606.0000000000DA0000.00000002.00000001.00040000.00000009.sdmp, BraveUpdate.exe, 0000000F.00000002.1751644302.0000000000CF0000.00000002.00000001.00040000.00000009.sdmp, BraveUpdate.exe, 0000001B.00000002.1849193213.0000000002750000.00000002.00000001.00040000.00000009.sdmp, BraveUpdate.exe, 00000023.00000002.1917082651.0000000000AF0000.00000002.00000001.00040000.00000009.sdmp, BraveUpdate.exe, 0000002A.00000002.2009244990.0000000000FE0000.00000002.00000001.00040000.00000009.sdmp, GUTCC5F.tmp.0.dr, goopdateres_en.dll.0.dr
Source: Binary string: goopdateres_unsigned_da.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002900000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1658162176.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1658162176.000000000154C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_da.dll.0.dr, GUTCC5F.tmp.0.dr
Source: Binary string: psmachine_unsigned.pdbK source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: BraveUpdateComRegisterShellArm64_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1656863389.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1656697381.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: psmachine_unsigned_64.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_ar.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.00000000030B6000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000028BC000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1657180675.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1657180675.000000000153D000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ar.dll.0.dr, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_sl.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.00000000032E1000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002AE7000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1664750873.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1664750873.000000000154C000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_zh-CN.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000003376000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002B7C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1666495955.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1666495955.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_kn.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000029FF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1661691176.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1661691176.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe Code function: 1_2_00ECD9B3 FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00ECD9B3
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 2_2_0080D9B3 FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_0080D9B3
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Code function: 4_2_00007FF744A11D68 FindFirstFileExW,4_2_00007FF744A11D68
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe Code function: 14_2_00C76405 FindFirstFileExW,14_2_00C76405
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
Source: Joe Sandbox View IP Address: 204.79.197.200
Source: Joe Sandbox View IP Address: 13.107.246.40
Source: Joe Sandbox View IP Address: 152.195.19.97
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C
Source: BraveBrowserSetup-BRV010.exe, BraveCrashHandler.exe.0.dr, BraveUpdateBroker.exe.1.dr, goopdateres_ta.dll.1.dr, goopdateres_ms.dll.1.dr, goopdateres_gu.dll.1.dr, goopdateres_hr.dll.1.dr, goopdateres_hi.dll.0.dr, goopdateres_mr.dll.1.dr, goopdateres_pl.dll.1.dr, goopdateres_gu.dll.0.dr, BraveUpdate.exe.1.dr, goopdateres_ko.dll.1.dr, BraveUpdateCore.exe.1.dr, goopdateres_ar.dll.0.dr, goopdateres_pt-PT.dll.1.dr, goopdateres_da.dll.0.dr, goopdateres_lv.dll.1.dr, goopdateres_hr.dll.0.dr, goopdateres_pt-BR.dll.0.dr, goopdateres_pt-BR.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: BraveBrowserSetup-BRV010.exe, BraveCrashHandler.exe.0.dr, BraveUpdateBroker.exe.1.dr, goopdateres_ta.dll.1.dr, goopdateres_ms.dll.1.dr, goopdateres_gu.dll.1.dr, goopdateres_hr.dll.1.dr, goopdateres_hi.dll.0.dr, goopdateres_mr.dll.1.dr, goopdateres_pl.dll.1.dr, goopdateres_gu.dll.0.dr, BraveUpdate.exe.1.dr, goopdateres_ko.dll.1.dr, BraveUpdateCore.exe.1.dr, goopdateres_ar.dll.0.dr, goopdateres_pt-PT.dll.1.dr, goopdateres_da.dll.0.dr, goopdateres_lv.dll.1.dr, goopdateres_hr.dll.0.dr, goopdateres_pt-BR.dll.0.dr, goopdateres_pt-BR.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: BraveBrowserSetup-BRV010.exe, BraveCrashHandler.exe.0.dr, BraveUpdateBroker.exe.1.dr, goopdateres_ta.dll.1.dr, goopdateres_ms.dll.1.dr, goopdateres_gu.dll.1.dr, goopdateres_hr.dll.1.dr, goopdateres_hi.dll.0.dr, goopdateres_mr.dll.1.dr, goopdateres_pl.dll.1.dr, goopdateres_gu.dll.0.dr, BraveUpdate.exe.1.dr, goopdateres_ko.dll.1.dr, BraveUpdateCore.exe.1.dr, goopdateres_ar.dll.0.dr, goopdateres_pt-PT.dll.1.dr, goopdateres_da.dll.0.dr, goopdateres_lv.dll.1.dr, goopdateres_hr.dll.0.dr, goopdateres_pt-BR.dll.0.dr, goopdateres_pt-BR.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: BraveBrowserSetup-BRV010.exe, BraveCrashHandler.exe.0.dr, BraveUpdateBroker.exe.1.dr, goopdateres_ta.dll.1.dr, goopdateres_ms.dll.1.dr, goopdateres_gu.dll.1.dr, goopdateres_hr.dll.1.dr, goopdateres_hi.dll.0.dr, goopdateres_mr.dll.1.dr, goopdateres_pl.dll.1.dr, goopdateres_gu.dll.0.dr, BraveUpdate.exe.1.dr, goopdateres_ko.dll.1.dr, BraveUpdateCore.exe.1.dr, goopdateres_ar.dll.0.dr, goopdateres_pt-PT.dll.1.dr, goopdateres_da.dll.0.dr, goopdateres_lv.dll.1.dr, goopdateres_hr.dll.0.dr, goopdateres_pt-BR.dll.0.dr, goopdateres_pt-BR.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://corp.naukri.com/favicon.ico
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://corp.naukri.com/favicon.icoH
Source: svchost.exe, 0000000D.00000002.2887025752.0000026B64E00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
Source: BraveBrowserSetup-BRV010.exe, BraveCrashHandler.exe.0.dr, BraveUpdateBroker.exe.1.dr, goopdateres_ta.dll.1.dr, goopdateres_ms.dll.1.dr, goopdateres_gu.dll.1.dr, goopdateres_hr.dll.1.dr, goopdateres_hi.dll.0.dr, goopdateres_mr.dll.1.dr, goopdateres_pl.dll.1.dr, goopdateres_gu.dll.0.dr, BraveUpdate.exe.1.dr, goopdateres_ko.dll.1.dr, BraveUpdateCore.exe.1.dr, goopdateres_ar.dll.0.dr, goopdateres_pt-PT.dll.1.dr, goopdateres_da.dll.0.dr, goopdateres_lv.dll.1.dr, goopdateres_hr.dll.0.dr, goopdateres_pt-BR.dll.0.dr, goopdateres_pt-BR.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: BraveBrowserSetup-BRV010.exe, BraveCrashHandler.exe.0.dr, BraveUpdateBroker.exe.1.dr, goopdateres_ta.dll.1.dr, goopdateres_ms.dll.1.dr, goopdateres_gu.dll.1.dr, goopdateres_hr.dll.1.dr, goopdateres_hi.dll.0.dr, goopdateres_mr.dll.1.dr, goopdateres_pl.dll.1.dr, goopdateres_gu.dll.0.dr, BraveUpdate.exe.1.dr, goopdateres_ko.dll.1.dr, BraveUpdateCore.exe.1.dr, goopdateres_ar.dll.0.dr, goopdateres_pt-PT.dll.1.dr, goopdateres_da.dll.0.dr, goopdateres_lv.dll.1.dr, goopdateres_hr.dll.0.dr, goopdateres_pt-BR.dll.0.dr, goopdateres_pt-BR.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: BraveBrowserSetup-BRV010.exe, BraveCrashHandler.exe.0.dr, BraveUpdateBroker.exe.1.dr, goopdateres_ta.dll.1.dr, goopdateres_ms.dll.1.dr, goopdateres_gu.dll.1.dr, goopdateres_hr.dll.1.dr, goopdateres_hi.dll.0.dr, goopdateres_mr.dll.1.dr, goopdateres_pl.dll.1.dr, goopdateres_gu.dll.0.dr, BraveUpdate.exe.1.dr, goopdateres_ko.dll.1.dr, BraveUpdateCore.exe.1.dr, goopdateres_ar.dll.0.dr, goopdateres_pt-PT.dll.1.dr, goopdateres_da.dll.0.dr, goopdateres_lv.dll.1.dr, goopdateres_hr.dll.0.dr, goopdateres_pt-BR.dll.0.dr, goopdateres_pt-BR.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: goopdateres_cs.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: BraveBrowserSetup-BRV010.exe, BraveCrashHandler.exe.0.dr, BraveUpdateBroker.exe.1.dr, goopdateres_ta.dll.1.dr, goopdateres_ms.dll.1.dr, goopdateres_gu.dll.1.dr, goopdateres_hr.dll.1.dr, goopdateres_hi.dll.0.dr, goopdateres_mr.dll.1.dr, goopdateres_pl.dll.1.dr, goopdateres_gu.dll.0.dr, BraveUpdate.exe.1.dr, goopdateres_ko.dll.1.dr, BraveUpdateCore.exe.1.dr, goopdateres_ar.dll.0.dr, goopdateres_pt-PT.dll.1.dr, goopdateres_da.dll.0.dr, goopdateres_lv.dll.1.dr, goopdateres_hr.dll.0.dr, goopdateres_pt-BR.dll.0.dr, goopdateres_pt-BR.dll.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://de.search.yahoo.com/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://de.search.yahoo.com/$
Source: svchost.exe, 0000000D.00000003.1706153984.0000026B65018000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: svchost.exe, 0000000D.00000003.1706153984.0000026B65018000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: svchost.exe, 0000000D.00000003.1706153984.0000026B65018000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: svchost.exe, 0000000D.00000003.1706153984.0000026B65018000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 0000000D.00000003.1706153984.0000026B65018000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 0000000D.00000003.1706153984.0000026B65018000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 0000000D.00000003.1706153984.0000026B6504D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886516745.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://es.ask.com/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://es.search.yahoo.com/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52A6000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://esearch.rakuten.co.jp/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://espanol.search.yahoo.com/
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://espn.go.com/favicon.ico
Source: iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://espn.go.com/favicon.icoV
Source: svchost.exe, 0000000D.00000003.1706153984.0000026B65107000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://find.joins.com/
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fr.search.yahoo.com/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fr.search.yahoo.com/0
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.pchome.com.tw/
Source: iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.altervista.org/
Source: iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.altervista.org/favicon.ico
Source: iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ie.search.yahoo.com/os?command=
Source: iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ie8.ebay.com/open
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886516745.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://images.monster.com/favicon.ico
Source: iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://img.atlas.cz/favicon.ico
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE5296000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
Source: iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico:
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://in.search.yahoo.com/
Source: iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://it.search.dada.net/
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886516745.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://it.search.dada.net/favicon.ico
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://it.search.yahoo.com/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://it.search.yahoo.com/p
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jobsearch.monster.com/
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jobsearch.monster.com/_
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kr.search.yahoo.com/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://list.taobao.com/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&q=
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://msk.afisha.ru/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocnsearch.goo.ne.jp/
Source: BraveBrowserSetup-BRV010.exe, BraveCrashHandler.exe.0.dr, BraveUpdateBroker.exe.1.dr, goopdateres_ta.dll.1.dr, goopdateres_ms.dll.1.dr, goopdateres_gu.dll.1.dr, goopdateres_hr.dll.1.dr, goopdateres_hi.dll.0.dr, goopdateres_mr.dll.1.dr, goopdateres_pl.dll.1.dr, goopdateres_gu.dll.0.dr, BraveUpdate.exe.1.dr, goopdateres_ko.dll.1.dr, BraveUpdateCore.exe.1.dr, goopdateres_ar.dll.0.dr, goopdateres_pt-PT.dll.1.dr, goopdateres_da.dll.0.dr, goopdateres_lv.dll.1.dr, goopdateres_hr.dll.0.dr, goopdateres_pt-BR.dll.0.dr, goopdateres_pt-BR.dll.1.drString found in binary or memory: http://ocsp.digicert.com0
Source: BraveBrowserSetup-BRV010.exe, BraveCrashHandler.exe.0.dr, BraveUpdateBroker.exe.1.dr, goopdateres_ta.dll.1.dr, goopdateres_ms.dll.1.dr, goopdateres_gu.dll.1.dr, goopdateres_hr.dll.1.dr, goopdateres_hi.dll.0.dr, goopdateres_mr.dll.1.dr, goopdateres_pl.dll.1.dr, goopdateres_gu.dll.0.dr, BraveUpdate.exe.1.dr, goopdateres_ko.dll.1.dr, BraveUpdateCore.exe.1.dr, goopdateres_ar.dll.0.dr, goopdateres_pt-PT.dll.1.dr, goopdateres_da.dll.0.dr, goopdateres_lv.dll.1.dr, goopdateres_hr.dll.0.dr, goopdateres_pt-BR.dll.0.dr, goopdateres_pt-BR.dll.1.drString found in binary or memory: http://ocsp.digicert.com0A
Source: BraveBrowserSetup-BRV010.exe, BraveCrashHandler.exe.0.dr, BraveUpdateBroker.exe.1.dr, goopdateres_ta.dll.1.dr, goopdateres_ms.dll.1.dr, goopdateres_gu.dll.1.dr, goopdateres_hr.dll.1.dr, goopdateres_hi.dll.0.dr, goopdateres_mr.dll.1.dr, goopdateres_pl.dll.1.dr, goopdateres_gu.dll.0.dr, BraveUpdate.exe.1.dr, goopdateres_ko.dll.1.dr, BraveUpdateCore.exe.1.dr, goopdateres_ar.dll.0.dr, goopdateres_pt-PT.dll.1.dr, goopdateres_da.dll.0.dr, goopdateres_lv.dll.1.dr, goopdateres_hr.dll.0.dr, goopdateres_pt-BR.dll.0.dr, goopdateres_pt-BR.dll.1.drString found in binary or memory: http://ocsp.digicert.com0C
Source: BraveBrowserSetup-BRV010.exe, BraveCrashHandler.exe.0.dr, BraveUpdateBroker.exe.1.dr, goopdateres_ta.dll.1.dr, goopdateres_ms.dll.1.dr, goopdateres_gu.dll.1.dr, goopdateres_hr.dll.1.dr, goopdateres_hi.dll.0.dr, goopdateres_mr.dll.1.dr, goopdateres_pl.dll.1.dr, goopdateres_gu.dll.0.dr, BraveUpdate.exe.1.dr, goopdateres_ko.dll.1.dr, BraveUpdateCore.exe.1.dr, goopdateres_ar.dll.0.dr, goopdateres_pt-PT.dll.1.dr, goopdateres_da.dll.0.dr, goopdateres_lv.dll.1.dr, goopdateres_hr.dll.0.dr, goopdateres_pt-BR.dll.0.dr, goopdateres_pt-BR.dll.1.drString found in binary or memory: http://ocsp.digicert.com0X
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.hanafos.com/favicon.ico
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886516745.000002CCE529B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.hanafos.com/favicon.icoO
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52A6000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.interpark.com/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.interpark.com/Z
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.ipop.co.kr/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.ipop.co.kr/1
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.ico
Source: iexplore.exe, 00000010.00000002.2886393600.000002CCE5280000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/re
Source: iexplore.exe, 00000010.00000002.2886393600.000002CCE5280000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886606067.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5280000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&q=
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886606067.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52A6000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&q=
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886606067.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52A6000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&q=
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=
Source: iexplore.exe, 00000010.00000002.2884780310.000002CCE4D96000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=AS5)
Source: iexplore.exe, 00000010.00000002.2884780310.000002CCE4D96000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=AS6;
Source: iexplore.exe, 00000010.00000002.2884780310.000002CCE4D96000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=CBPW
Source: iexplore.exe, 00000010.00000002.2884780310.000002CCE4CDC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=IE7BOX&src=%7Breferrer:source?%7D
Source: iexplore.exe, 00000010.00000002.2884780310.000002CCE4CDC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=IE7RE&src=%7Breferrer:source?%7D
Source: iexplore.exe, 00000010.00000002.2883521469.000002CCE2571000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=MSNIE7&src=%7Breferrer:source?%7D
Source: iexplore.exe, 00000010.00000002.2884780310.000002CCE4D96000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&Form=IE8SRC&src=%7Breferrer:source%7D5
Source: iexplore.exe, 00000010.00000002.2883521469.000002CCE2625000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&mkt=%7BLanguage%7D&FORM=IE8SRC&src=%7Breferr
Source: iexplore.exe, 00000010.00000002.2884780310.000002CCE4CDC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&src=%7Breferrer:source?%7D
Source: iexplore.exe, 00000010.00000002.2884780310.000002CCE4D96000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&src=%7Breferrer:source?%7D&Form=IE8SRCI
Source: iexplore.exe, 00000010.00000002.2884780310.000002CCE4CDC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&src=IE-SearchBox&Form=IE8SRC
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.livedoor.com/
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886516745.000002CCE529B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico_
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.lycos.co.uk/
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.lycos.com/
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.lycos.com/favicon.ico
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
Source: iexplore.exe, 00000010.00000002.2884780310.000002CCE4D96000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=%7BsearchTerms%7D&FORM=AS5A
Source: iexplore.exe, 00000010.00000002.2884780310.000002CCE4D96000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=%7BsearchTerms%7D&FORM=AS6w
Source: iexplore.exe, 00000010.00000002.2884780310.000002CCE4D96000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=%7BsearchTerms%7D&FORM=CBPWD
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
Source: iexplore.exe, 00000010.00000002.2884780310.000002CCE4D96000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=%7BsearchTerms%7D&FORM=AS5
Source: iexplore.exe, 00000010.00000002.2884780310.000002CCE4D96000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=%7BsearchTerms%7D&FORM=AS6
Source: iexplore.exe, 00000010.00000002.2884780310.000002CCE4D96000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=%7BsearchTerms%7D&FORM=CBPW
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=
Source: iexplore.exe, 00000010.00000002.2884780310.000002CCE4D96000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=%7BsearchTerms%7D&FORM=AS5
Source: iexplore.exe, 00000010.00000002.2884780310.000002CCE4D96000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=%7BsearchTerms%7D&FORM=AS6_
Source: iexplore.exe, 00000010.00000002.2884780310.000002CCE4D96000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=%7BsearchTerms%7D&FORM=CBPW
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.nate.com/
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.naver.com/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.naver.com/M
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.naver.com/favicon.ico
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.nifty.com/
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.orange.co.uk/
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886516745.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.orange.co.uk/favicon.ico
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.rediff.com/
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886516745.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.rediff.com/favicon.ico
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.seznam.cz/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.seznam.cz/favicon.ico
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.seznam.cz/v
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.sify.com/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.yahoo.co.jp
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886516745.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.yahoo.co.jpC
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.yahoo.com/
Source: iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.chennaionline.com/ncommon/images/collogo.ico##
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52A6000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cjmall.com/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52A6000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cjmall.com/favicon.ico
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cjmall.com/k
Source: iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.clarin.com/favicon.ico
Source: iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cnet.co.uk/
Source: iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cnet.com/favicon.ico
Source: iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dailymail.co.uk/
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886516745.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dailymail.co.uk/favicon.ico
Source: BraveBrowserSetup-BRV010.exe, BraveCrashHandler.exe.0.dr, BraveUpdateBroker.exe.1.dr, goopdateres_ta.dll.1.dr, goopdateres_ms.dll.1.dr, goopdateres_gu.dll.1.dr, goopdateres_hr.dll.1.dr, goopdateres_hi.dll.0.dr, goopdateres_mr.dll.1.dr, goopdateres_pl.dll.1.dr, goopdateres_gu.dll.0.dr, BraveUpdate.exe.1.dr, goopdateres_ko.dll.1.dr, BraveUpdateCore.exe.1.dr, goopdateres_ar.dll.0.dr, goopdateres_pt-PT.dll.1.dr, goopdateres_da.dll.0.dr, goopdateres_lv.dll.1.dr, goopdateres_hr.dll.0.dr, goopdateres_pt-BR.dll.0.dr, goopdateres_pt-BR.dll.1.drString found in binary or memory: http://www.digicert.com/CPS0
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.etmall.com.tw/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.etmall.com.tw/favicon.ico
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.excite.co.jp/
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.expedia.com/
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.expedia.com/favicon.ico
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.expedia.com/favicon.ico:
Source: iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.expedia.com/y
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gismeteo.ru/favicon.ico
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52A6000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gmarket.co.kr/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52A6000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gmarket.co.kr/favicon.ico
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886516745.000002CCE529B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gmarket.co.kr/favicon.icoG
Source: iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.co.in/
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.co.jp/
Source: iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.co.uk/
Source: iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com.br/
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com.sa/
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com.tw/
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE8A62000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/
Source: iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/O
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/_
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/favicon.ico
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/favicon.icop
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.cz/
Source: iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.cz/I
Source: iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.de/
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.es/
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.fr/
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.it/
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.pl/
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.ru/
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.ru/p
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.si/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iask.com/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iask.com/favicon.ico
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iask.com/favicon.icoZ
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kkbox.com.tw/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kkbox.com.tw/favicon.ico
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886516745.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.linternaute.com/favicon.ico
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE8A62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.live.com/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.maktoob.com/favicon.ico
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.timesonline.co.uk/img/favicon.ico
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tiscali.it/favicon.ico
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE8A62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.twitter.com/
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.univision.com/
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.univision.com/F
Source: iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.univision.com/favicon.ico
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886516745.000002CCE529B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.univision.com/favicon.icoW
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.walmart.com/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.walmart.com/favicon.ico
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE8A62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.wikipedia.com/
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ya.com/favicon.ico
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.yam.com/favicon.ico
Source: iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.yam.com/favicon.icoS
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE8A62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.youtube.com/
Source: iexplore.exe, 00000010.00000002.2892890232.000002CCE9380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.youtube.com/p
Source: iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www3.fnac.com/
Source: iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www3.fnac.com/favicon.ico
Source: iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845622990.000002CCE5296000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&Version=2008-06-26&Operation=ItemSea
Source: iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z.about.com/m/a08.ico
Source: iexplore.exe, 00000010.00000002.2886837892.000002CCE6D93000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE8930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE8930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSGs
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE8930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSL
Source: 16D5LSYJ.htm.31.drString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/common.8654406504af07aa9c45.js
Source: 16D5LSYJ.htm.31.drString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.1287eb605f92d676502d.js
Source: 16D5LSYJ.htm.31.drString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/microsoft.afc9b4502f5cf6f88cca.js
Source: 16D5LSYJ.htm.31.drString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/vendors.79af82f3c5b028c7ea81.js
Source: manifest.json.22.drString found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json.22.drString found in binary or memory: https://chromewebstore.google.com/
Source: iexplore.exe, 00000010.00000002.2886837892.000002CCE6D45000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2890941773.000002CCE8C07000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: 000003.log5.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: svchost.exe, 0000000D.00000003.1706153984.0000026B650C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
Source: svchost.exe, 0000000D.00000003.1706153984.0000026B65072000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.1706153984.0000026B6500E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: svchost.exe, 0000000D.00000003.1706153984.0000026B650C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
Source: svchost.exe, 0000000D.00000003.1706153984.0000026B650A3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.1706153984.0000026B650F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: svchost.exe, 0000000D.00000003.1706153984.0000026B650C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE8996000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.co&p?
Source: iexplore.exe, 00000010.00000002.2883521469.000002CCE2605000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2883521469.000002CCE25D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: iexplore.exe, 00000010.00000002.2886837892.000002CCE6D45000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886837892.000002CCE6C03000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2889214539.000002CCE8930000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2889214539.000002CCE89E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE8996000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE8996000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2
Source: iexplore.exe, 00000010.00000002.2886837892.000002CCE6C03000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2889214539.000002CCE8996000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE8996000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srfhannelFactory3970
Source: iexplore.exe, 00000010.00000002.2886837892.000002CCE6D23000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2884780310.000002CCE4D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: iexplore.exe, 00000010.00000002.2884780310.000002CCE4DB0000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.comJ
Source: svchost.exe, 0000000D.00000003.1706153984.0000026B650C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
Source: svchost.exe, 0000000D.00000003.1706153984.0000026B65072000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1655460731.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.drString found in binary or memory: https://support.brave.com/hlproductfrom_extra_codesptestsource%1%2ATL:%p%s
Source: svchost.exe, 0000000D.00000002.2888180447.0000026B64F3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://updates-cdn.bravesoftware.com/buO
Source: BraveUpdate.exe, 0000000C.00000003.2391943490.0000000000CAA000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000003.2423216917.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000003.2402791709.0000000000C7D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000003.2389039087.00000000024C8000.00000004.00000800.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000002.2434815361.0000000000CEA000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000003.2391943490.0000000000C6C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000003.2390888380.0000000002110000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000003.2413075535.0000000000CE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://updates-cdn.bravesoftware.com/build/Brave-Release/release/win/122.1.63.174/x64/
Source: BraveUpdate.exe, 0000000C.00000003.2391943490.0000000000CAA000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000003.2423216917.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000002.2433369457.0000000000CB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://updates-cdn.bravesoftware.com/build/Brave-Release/release/win/122.1.63.174/x64/#
Source: svchost.exe, 0000000D.00000002.2884454849.0000026B5FA2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.1770409400.0000026B65001000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.2889452113.0000026B65150000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.1933520275.0000026B64F3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.2885888789.0000026B60640000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://updates-cdn.bravesoftware.com/build/Brave-Release/release/win/122.1.63.174/x64/brave_install
Source: svchost.exe, 0000000D.00000003.2574543223.0000026B64E95000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.2887350614.0000026B64E95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://updates-cdn.bravesoftware.com:443/build/Brave-Release/release/win/122.1.63.174/x64/brave_ins
Source: BraveUpdate.exe, 0000000A.00000003.1700214205.0000000000C97000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000A.00000002.1701523617.0000000000C97000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000003.2424048360.0000000000C54000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000003.2416118886.0000000000C4C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000002.2431558850.0000000000C55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://updates.bravesoftware.com/
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.drString found in binary or memory: https://updates.bravesoftware.com/cr/reportBraveSoftware
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1655460731.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.drString found in binary or memory: https://updates.bravesoftware.com/service/check2/recover&appid=%s&appversion=%s&applang=%s&machine=%
Source: BraveUpdate.exe, 0000000A.00000003.1700214205.0000000000CA8000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000A.00000003.1700214205.0000000000CB2000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000A.00000002.1701523617.0000000000CB2000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000A.00000002.1701409407.0000000000C40000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000A.00000002.1701409407.0000000000C49000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000A.00000002.1701523617.0000000000CA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://updates.bravesoftware.com/service/update2
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1655460731.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.drString found in binary or memory: https://updates.bravesoftware.com/support/installer/?https://updates.bravesoftware.com/service/updat
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE8976000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/me.dll
Source: content_new.js.22.drString found in binary or memory: https://www.google.com/chrome
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE8A46000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2889214539.000002CCE8930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/
Source: {EF70AC9F-E507-11EE-8C2C-ECF4BBEA1588}.dat.16.dr, ~DFDB7369485B29AF41.TMP.16.drString found in binary or memory: https://www.msn.com/?ocid=iehp
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE8A53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp)
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE8996000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp-
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE8A53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp.dll
Source: iexplore.exe, 00000010.00000002.2890941773.000002CCE8C07000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp.ico
Source: iexplore.exe, 00000010.00000002.2883521469.000002CCE2605000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2883521469.000002CCE262C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2884780310.000002CCE4D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp/p/?LinkId=255141
Source: iexplore.exe, 00000010.00000002.2886837892.000002CCE6BB9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp/p/?LinkId=255141(
Source: iexplore.exe, 00000010.00000002.2886837892.000002CCE6D45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp/p/?LinkId=255141X
Source: iexplore.exe, 00000010.00000002.2886837892.000002CCE6C44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp/p/?LinkId=255141h
Source: iexplore.exe, 00000010.00000002.2886837892.000002CCE6D9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp002
Source: iexplore.exe, 00000010.00000002.2886837892.000002CCE6C44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp2
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE8A6F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2889214539.000002CCE89E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp3
Source: iexplore.exe, 00000010.00000002.2890941773.000002CCE8BCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp4
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE8996000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp:
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE89E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp:Sat:Saturdayu
Source: iexplore.exe, 00000010.00000002.2886837892.000002CCE6C03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp:p
Source: iexplore.exe, 00000010.00000002.2886837892.000002CCE6D9B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2889214539.000002CCE8976000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp;
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE8A6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpAE
Source: iexplore.exe, 00000010.00000002.2890941773.000002CCE8B24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpD
Source: iexplore.exe, 00000010.00000002.2886837892.000002CCE6D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpDm~?
Source: iexplore.exe, 00000010.00000002.2890941773.000002CCE8C62000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886837892.000002CCE6D9B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2889214539.000002CCE8996000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpF
Source: iexplore.exe, 00000010.00000002.2890941773.000002CCE8C62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpH
Source: iexplore.exe, 00000010.00000002.2890941773.000002CCE8C62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpLMEM(
Source: iexplore.exe, 00000010.00000002.2890941773.000002CCE8C07000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpLO
Source: iexplore.exe, 00000010.00000002.2886837892.000002CCE6D23000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2890941773.000002CCE8B84000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886837892.000002CCE6C03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpMicrosoft
Source: iexplore.exe, 00000010.00000002.2884587308.000002CCE3F40000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpMon
Source: iexplore.exe, 00000010.00000002.2886837892.000002CCE6D23000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2890941773.000002CCE8B84000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886837892.000002CCE6C03000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2889214539.000002CCE8996000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpTerms
Source: iexplore.exe, 00000010.00000002.2886837892.000002CCE6D45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpWdtP&Windows.System.Uiehp
Source: iexplore.exe, 00000010.00000002.2889214539.000002CCE8A53000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2889214539.000002CCE8996000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpX
Source: iexplore.exe, 00000010.00000002.2890941773.000002CCE8B24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpYcE
Source: iexplore.exe, 00000010.00000002.2886837892.000002CCE6D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpYo
Source: iexplore.exe, 00000010.00000002.2890941773.000002CCE8C07000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpaO
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Code function: 4_2_00007FF744A0498C lstrlenW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard

System Summary

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File dump: C:\Users\user\AppData\Local\Temp\scoped_dir7452_145037711\CRX_INSTALL\content.js
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File dump: C:\Users\user\AppData\Local\Temp\scoped_dir7452_145037711\CRX_INSTALL\content_new.js
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File dump: C:\Users\user\AppData\Local\Temp\scoped_dir7452_351896296\CRX_INSTALL\page_embed_script.js
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File dump: C:\Users\user\AppData\Local\Temp\scoped_dir7452_351896296\CRX_INSTALL\eventpage_bin_prod.js
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe Code function: 0_2_008A4198
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe Code function: 0_2_00895AB6
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe Code function: 0_2_008A7A0B
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe Code function: 0_2_0089C5D4
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe Code function: 0_2_008A3D10
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe Code function: 0_2_008A168D
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe Code function: 1_2_00ED3C0B
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: 2_2_00813C0B
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Code function: 4_2_00007FF744A11548
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Code function: 4_2_00007FF744A11D68
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Code function: 4_2_00007FF744A0D81C
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe Code function: 4_2_00007FF744A0D164
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe Code function: 14_2_00C7C7FB
Source: C:\Program Files (x86)\BraveSoftware\Update\Install\{4F196A2A-B4D3-469B-B59C-F68107B39DD0}\brave_installer-x64.exe Code function: 49_2_00007FF7E4981330
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe Code function: String function: 00896F60 appears 33 times
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe Code function: String function: 00892BA0 appears 236 times
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe Code function: String function: 00C71AB0 appears 33 times
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe Code function: String function: 00EC7FA0 appears 33 times
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe Code function: String function: 00807FA0 appears 33 times
Source: goopdateres_ca.dll.0.dr Static PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.114
Source: goopdateres_fil.dll.0.dr Static PE information: Resource name: RT_STRING type: VAX COFF executable, sections 80, created Wed Mar 25 10:31:05 1970, not stripped, version 108
Source: goopdateres_hu.dll.0.dr Static PE information: Resource name: RT_STRING type: MIPSEL MIPS-II ECOFF executable not stripped - version 0.101
Source: goopdateres_ms.dll.0.dr Static PE information: Resource name: RT_STRING type: 370 sysV executable not stripped
Source: goopdateres_th.dll.0.dr Static PE information: Resource name: RT_STRING type: PDP-11 overlaid pure executable not stripped
Source: goopdateres_tr.dll.0.dr Static PE information: Resource name: RT_STRING type: 370 XA sysV pure executable not stripped
Source: goopdateres_vi.dll.0.dr Static PE information: Resource name: RT_STRING type: iAPX 286 executable small model (COFF) not stripped
Source: goopdateres_hu.dll.1.dr Static PE information: Resource name: RT_STRING type: MIPSEL MIPS-II ECOFF executable not stripped - version 0.101
Source: goopdateres_ms.dll.1.dr Static PE information: Resource name: RT_STRING type: 370 sysV executable not stripped
Source: goopdateres_th.dll.1.dr Static PE information: Resource name: RT_STRING type: PDP-11 overlaid pure executable not stripped
Source: goopdateres_tr.dll.1.dr Static PE information: Resource name: RT_STRING type: 370 XA sysV pure executable not stripped
Source: goopdateres_vi.dll.1.dr Static PE information: Resource name: RT_STRING type: iAPX 286 executable small model (COFF) not stripped
Source: goopdateres_ca.dll.1.dr Static PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.114
Source: goopdateres_fil.dll.1.dr Static PE information: Resource name: RT_STRING type: VAX COFF executable, sections 80, created Wed Mar 25 10:31:05 1970, not stripped, version 108
Source: brave_installer-x64.exe.12.dr Static PE information: Resource name: B7 type: 7-zip archive data, version 0.4
Source: brave_installer-x64.exe.12.dr Static PE information: Resource name: BL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 1398528 bytes, 1 file, at 0x2c "setup.exe", number 1, 106 datablocks, 0x1 compression
Source: brave_installer-x64.exe0.12.dr Static PE information: Resource name: B7 type: 7-zip archive data, version 0.4
Source: brave_installer-x64.exe0.12.dr Static PE information: Resource name: BL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 1398528 bytes, 1 file, at 0x2c "setup.exe", number 1, 106 datablocks, 0x1 compression
Source: BIT6E99.tmp.13.dr Static PE information: Resource name: B7 type: 7-zip archive data, version 0.4
Source: BIT6E99.tmp.13.dr Static PE information: Resource name: BL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 1398528 bytes, 1 file, at 0x2c "setup.exe", number 1, 106 datablocks, 0x1 compression
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.00000000030C3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ar.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBraveUpdate.exeJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdate.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002987000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_fi.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000029CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_hr.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002A10000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_iw.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000003383000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_zh-CN.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000029D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_hu.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002B2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ta.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000029B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_gu.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002929000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_el.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002900000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_cs.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002AE7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_sk.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000029F4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_is.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002A7B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ms.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000028BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_am.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000003209000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_iw.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002AA3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_pl.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002B7C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_vi.dllJ vs BraveBrowserSetup-BRV010.exe
Source: BraveBrowserSetup-BRV010.exe, Binary or memory string: OriginalFilenameBraveUpdateSetup.exeJ vs BraveBrowserSetup-BRV010.exe
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: mdmregistration.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: omadmapi.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: dmcmnutils.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: iri.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: dsreg.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wininet.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: mdmregistration.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: omadmapi.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dmcmnutils.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iri.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dsreg.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: mdmregistration.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: omadmapi.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: dmcmnutils.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: iri.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: dsreg.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: version.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msimg32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: mdmregistration.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: omadmapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iri.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dsreg.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cscapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: webio.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: schannel.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msxml3.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dpapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: version.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msimg32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: mdmregistration.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: omadmapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iri.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dsreg.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cscapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: mdmregistration.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: omadmapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iri.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: atlthunk.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: textinputframework.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: textshaping.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: version.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msimg32.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: mdmregistration.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: omadmapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iri.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dsreg.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: cscapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: msxml3.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: webio.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: schannel.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: winsta.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: bitsproxy.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: dpapi.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
Source: BraveBrowserSetup-BRV010.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engineClassification label: mal51.evad.winEXE@106/572@0/35
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_0089324D GetLastError,GetLastError,SetLastError,SetLastError,FormatMessageW,GetLastError,SetLastError,LocalFree,0_2_0089324D
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_00892024 GetTempFileNameW,FindResourceW,LoadResource,LockResource,CreateFileW,SizeofResource,SetFilePointerEx,CloseHandle,0_2_00892024
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftwareJump to behavior
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeFile created: C:\Users\user\AppData\Local\BraveSoftware
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\BraveSoftware{BC6A0F04-AE75-459F-B879-2C961515B78A}
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\BraveSoftwareS-1-5-21-2246122658-3693405117-2476756634-1002{BC6A0F04-AE75-459F-B879-2C961515B78A}
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeMutant created: \BaseNamedObjects\Global\BraveSoftware{FE0E7F6B-B8BD-4EEE-A8F1-8CE625AEF520}
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeMutant created: \BaseNamedObjects\Global\BraveSoftware{BC6A0F04-AE75-459F-B879-2C961515B78A}
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeMutant created: \BaseNamedObjects\Global\BraveSoftware{4E15433F-5E08-47A1-AA4F-B1D1657EE725}
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeMutant created: \BaseNamedObjects\Global\BraveSoftware{BD1D9A71-3C5B-436B-BAD8-D337E3226819}
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\BraveSoftware{C50974A0-5616-4DC6-AC6D-D4EFF6F5FAC3}
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeMutant created: \BaseNamedObjects\Global\BraveSoftware{0EADE80E-E9B8-4A5D-AF64-6D2A918F597C}
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmpJump to behavior
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCommand line argument: kernel32.dll0_2_0089277B
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeCommand line argument: kernel32.dll1_2_00EC6C1E
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeCommand line argument: DllEntry1_2_00EC6C1E
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeCommand line argument: kernel32.dll2_2_00806C1E
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeCommand line argument: DllEntry2_2_00806C1E
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeCommand line argument: BraveUpdate.exe14_2_00C71152
Source: BraveBrowserSetup-BRV010.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: BraveBrowserSetup-BRV010.exeString found in binary or memory: %1!s!-Installer
Source: BraveBrowserSetup-BRV010.exeString found in binary or memory: r den %1!s!-Installer wird Windows 2000 Service Pack 4 oder h
Source: BraveBrowserSetup-BRV010.exeString found in binary or memory: Installer ng %1!s! Hindi Alam na Error ng InstallerlNabigo ang pag-install. Nangangailangan ang Installer ng %1!s! ng Windows 2000 Service Pack 4 o mas mahusay.
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile read: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
Source: C:\Program Files (x86)\BraveSoftware\Update\Install\{4F196A2A-B4D3-469B-B59C-F68107B39DD0}\brave_installer-x64.exeEvasive API call chain: GetCommandLine,DecisionNodes,ExitProcess
Source: unknownProcess created: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeProcess created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe"
Source: unknownProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /c
Source: unknownProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource scheduler
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /uninstall
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTQ1IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE0NSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins1NjM5OEQ5Mi1DRkE5LTQ2MkQtODhGOC1FMjE0RTEwQTJEQTF9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7QkFCQUI0MkYtNUM4NS00QURFLUJCNzktRTdCN0Y4NEQxQzJCfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjIwMDYiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntCMTMxQzkzNS05QkU2LTQxREEtOTU5OS0xRjc3NkJFQjgwMTl9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMzYxLjE0NSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIzNTQ3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{56398D92-CFA9-462D-88F8-E214E10A2DA1}
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe" -Embedding
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7212 CREDAT:9474 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=20440
Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=20440
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=20440
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2020,i,10732780522710542264,14033713983186495239,262144 /prefetch:3
Source: unknownProcess created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe" -Embedding
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6052 --field-trial-handle=2020,i,10732780522710542264,14033713983186495239,262144 /prefetch:8
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7212 CREDAT:75012 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: unknownProcess created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe" -Embedding
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7212 CREDAT:75018 /prefetch:2
Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7212 CREDAT:1250584 /prefetch:2
Source: unknownProcess created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe" -Embedding
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=4236 --field-trial-handle=2020,i,10732780522710542264,14033713983186495239,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=4236 --field-trial-handle=2020,i,10732780522710542264,14033713983186495239,262144 /prefetch:8
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7212 CREDAT:9482 /prefetch:2
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=2000,i,3705036646907235618,15177434978570065286,262144 /prefetch:3
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\Install\{4F196A2A-B4D3-469B-B59C-F68107B39DD0}\brave_installer-x64.exe C:\Program Files (x86)\BraveSoftware\Update\Install\{4F196A2A-B4D3-469B-B59C-F68107B39DD0}\brave_installer-x64.exe" --do-not-launch-chrome /installerdata="C:\Windows\TEMP\gui8936.tmp
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess created: unknown unknown
Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
Source: C:\Program Files (x86)\BraveSoftware\Update\Install\{4F196A2A-B4D3-469B-B59C-F68107B39DD0}\brave_installer-x64.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\Office\16.0\Lync
Source: BraveBrowserSetup-BRV010.exeStatic PE information: certificate valid
Source: BraveBrowserSetup-BRV010.exeStatic file information: File size 1446992 > 1048576
Source: BraveBrowserSetup-BRV010.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x136800
Source: BraveBrowserSetup-BRV010.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: BraveBrowserSetup-BRV010.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: BraveBrowserSetup-BRV010.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: BraveBrowserSetup-BRV010.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: BraveBrowserSetup-BRV010.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: BraveBrowserSetup-BRV010.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: BraveBrowserSetup-BRV010.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: BraveBrowserSetup-BRV010.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: goopdateres_unsigned_ms.pdb
Source: Binary string: goopdateres_unsigned_fa.pdb
Source: Binary string: goopdateres_unsigned_ru.pdb
Source: Binary string: goopdateres_unsigned_lt.pdb
Source: Binary string: goopdateres_unsigned_el.pdb
Source: Binary string: goopdateres_unsigned_tr.pdb
Source: Binary string: psmachine_unsigned_arm64.pdbK
Source: Binary string: goopdateres_unsigned_de.pdb
Source: Binary string: psuser_unsigned_arm64.pdb
Source: Binary string: goopdateres_unsigned_bg.pdb
Source: Binary string: goopdateres_unsigned_mr.pdb
Source: Binary string: BraveUpdateComRegisterShell64_unsigned.pdbS
Source: Binary string: goopdateres_unsigned_gu.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000029A3000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.0000000002985000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1659841240.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1659841240.000000000154C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_gu.dll.1.dr, goopdateres_gu.dll.0.dr, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_th.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002B39000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.0000000002B1C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1665688521.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1665688521.000000000154C000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_sr.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.00000000032EE000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002AF4000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1664903202.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1664903202.000000000154C000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: BraveUpdateComRegisterShell64_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1656657200.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1656629185.000000000154D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1656453205.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdateComRegisterShell64.exe, 00000004.00000000.1676919707.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp, BraveUpdateComRegisterShell64.exe, 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp, BraveUpdateComRegisterShell64.exe, 00000007.00000000.1680834482.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp, BraveUpdateComRegisterShell64.exe, 00000007.00000002.1682530997.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp, BraveUpdateComRegisterShell64.exe, 00000009.00000000.1683362103.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp, BraveUpdateComRegisterShell64.exe, 00000009.00000002.1684885420.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: psmachine_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: psuser_unsigned_64.pdbG source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: psuser_unsigned_arm64.pdbK source: BraveBrowserSetup-BRV010.exe, 00000000.00000002.2408287644.00000000001A4000.00000004.00000010.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_am.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1656995123.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1656995123.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: C:\jenkins\x64-release\src\out\Release\mini_installer.exe.pdb source: brave_installer-x64.exe, 00000031.00000002.2363085480.00007FF7E4985000.00000002.00000001.01000000.0000001A.sdmp, brave_installer-x64.exe, 00000031.00000000.2124215479.00007FF7E4985000.00000002.00000001.01000000.0000001A.sdmp, brave_installer-x64.exe.12.dr
Source: Binary string: goopdateres_unsigned_lv.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002A44000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.000000000323D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1662145107.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1662145107.000000000154C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_lv.dll.1.dr, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_ta.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002B1D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1665368990.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1665368990.000000000153D000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ta.dll.1.dr, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_cs.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000028F2000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.00000000030EC000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1657937472.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1657937472.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr, goopdateres_cs.dll.1.dr
Source: Binary string: goopdate_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1655460731.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_hi.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.0000000002993000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1659983985.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1659983985.000000000153D000.00000004.00000020.00020000.00000000.sdmp, goopdateres_hi.dll.0.dr, GUTCC5F.tmp.0.dr, goopdateres_hi.dll.1.dr
Source: Binary string: psuser_unsigned.pdbK source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1666726202.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_es-419.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.0000000002934000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002951000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1659015830.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1659015830.000000000154C000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: mi_exe_stub.pdb source: BraveBrowserSetup-BRV010.exe, BraveUpdateSetup.exe.0.dr
Source: Binary string: goopdateres_unsigned_pt-BR.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.000000000329D000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002AA3000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1663603593.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1663603593.000000000153D000.00000004.00000020.00020000.00000000.sdmp, goopdateres_pt-BR.dll.0.dr, goopdateres_pt-BR.dll.1.dr, GUTCC5F.tmp.0.dr
Source: Binary string: BraveUpdate_unsigned.pdb source: BraveUpdate.exe, BraveUpdate.exe, 00000002.00000000.1670432998.0000000000801000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 00000003.00000000.1675420049.0000000000801000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 00000005.00000000.1678756290.0000000000801000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 00000006.00000000.1679696552.0000000000801000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 00000008.00000000.1682581970.0000000000801000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 0000000A.00000000.1687496950.0000000000801000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 0000000B.00000000.1689987926.0000000000801000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 0000000C.00000002.2429226883.0000000000801000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 0000000F.00000000.1748678602.0000000000801000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 0000001B.00000000.1839626126.0000000000801000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 00000023.00000000.1902627971.0000000000801000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe, 0000002A.00000000.1996704601.0000000000801000.00000020.00000001.01000000.00000007.sdmp, BraveUpdate.exe.1.dr, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_hr.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000029A1000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000029BE000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1660124665.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1660124665.000000000153D000.00000004.00000020.00020000.00000000.sdmp, goopdateres_hr.dll.1.dr, goopdateres_hr.dll.0.dr, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_id.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.00000000031D3000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000029D9000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1660704646.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1660704646.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr, goopdateres_id.dll.0.dr
Source: Binary string: psuser_unsigned_64.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_zh-TW.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002B8A000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000002.2408287644.000000000019F000.00000004.00000010.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000003383000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1666641940.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1666641940.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: BraveCrashHandlerArm64_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1656195976.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1656398835.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: BraveCrashHandler64_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: BraveUpdateCore_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1655708094.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdateCore.exe.1.dr, GUTCC5F.tmp.0.dr
Source: Binary string: BraveCrashHandler_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1655911803.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveCrashHandler.exe.0.dr, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_sw.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002B10000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000003309000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1665213225.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1665213225.000000000154C000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: BraveCrashHandler64_unsigned.pdb~ source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_it.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.00000000031EE000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000029F4000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1661208496.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1661208496.000000000154C000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_pt-PT.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.00000000032AA000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002AB1000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1663845769.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1663845769.000000000154C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_pt-PT.dll.1.dr, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_vi.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002B6F000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.0000000002B52000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1666344529.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1666344529.000000000154C000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_bn.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000028B9000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000028D6000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1657595345.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1657595345.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr, goopdateres_bn.dll.0.dr
Source: Binary string: BraveUpdateBroker_unsigned.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1669407367.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1669140807.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1669354521.000000000154D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdateBroker.exe.1.dr, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_sv.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.0000000002AE5000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002B02000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1665062269.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1665062269.000000000154C000.00000004.00000020.00020000.00000000.sdmp, goopdateres_sv.dll.1.dr, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_ja.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002A10000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000003209000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1661537646.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1661537646.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr, goopdateres_ja.dll.0.dr
Source: Binary string: goopdateres_unsigned_es.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002944000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.000000000313E000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1658870479.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1658870479.000000000153D000.00000004.00000020.00020000.00000000.sdmp, goopdateres_es.dll.0.dr, GUTCC5F.tmp.0.dr
Source: Binary string: psmachine_unsigned_64.pdbG source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: BraveUpdateCore_unsigned.pdbW source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1655708094.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdateCore.exe.1.dr, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_is.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000029CA000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000029E7000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1661058482.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1661058482.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr, goopdateres_is.dll.0.dr
Source: Binary string: goopdateres_unsigned_fr.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002995000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.000000000318F000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1659693366.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1659693366.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_ro.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002ABE000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.00000000032B8000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1664065282.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1664065282.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_uk.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002B54000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.0000000002B37000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1666032243.000000000153D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1666032243.000000000154C000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_ca.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000028E4000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.00000000030DE000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1657744169.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1657744169.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: psmachine_unsigned_arm64.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000002BEF000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.00000000023D8000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.00000000023D5000.00000004.00000020.00020000.00000000.sdmp, psmachine_arm64.dll.1.dr, psmachine_arm64.dll.0.dr, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_nl.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.0000000002A5D000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002A7B000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1662729138.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1662729138.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_ko.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1635947720.0000000002A0C000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.0000000002A29000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1661858792.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1661858792.000000000153D000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ko.dll.1.dr, GUTCC5F.tmp.0.dr
Source: Binary string: goopdateres_unsigned_et.pdb source: BraveBrowserSetup-BRV010.exe, 00000000.00000003.1639034408.0000000003159000.00000004.00000020.00020000.00000000.sdmp, BraveBrowserSetup-BRV010.exe, 00000000.00000003.1637911507.000000000295F000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1659150513.000000000154C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 00000001.00000003.1659150513.000000000153D000.00000004.00000020.00020000.00000000.sdmp, GUTCC5F.tmp.0.dr
Source: BraveBrowserSetup-BRV010.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: BraveBrowserSetup-BRV010.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: BraveBrowserSetup-BRV010.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: BraveBrowserSetup-BRV010.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: BraveBrowserSetup-BRV010.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe, Code function: 4_2_00007FF744A03A10 LoadLibraryW,GetProcAddress,FreeLibrary,4_2_00007FF744A03A10
Source: BraveUpdateSetup.exe.1.dr, Static PE information: real checksum: 0x165c94 should be: 0x1621a3
Source: BraveBrowserSetup-BRV010.exe, Static PE information: real checksum: 0x165c94 should be: 0x1621a3
Source: BraveUpdateSetup.exe.0.dr, Static PE information: real checksum: 0x165c94 should be: 0x1621a3
Source: BraveUpdateComRegisterShell64.exe.0.dr, Static PE information: section name: _RDATA
Source: psmachine.dll.0.dr, Static PE information: section name: .orpc
Source: psmachine_64.dll.0.dr, Static PE information: section name: .orpc
Source: psmachine_64.dll.0.dr, Static PE information: section name: _RDATA
Source: psuser.dll.0.dr, Static PE information: section name: .orpc
Source: psuser_64.dll.0.dr, Static PE information: section name: .orpc
Source: psuser_64.dll.0.dr, Static PE information: section name: _RDATA
Source: BraveCrashHandler64.exe.0.dr, Static PE information: section name: _RDATA
Source: psmachine_arm64.dll.0.dr, Static PE information: section name: .orpc
Source: psuser_arm64.dll.0.dr, Static PE information: section name: .orpc
Source: psuser.dll.1.dr, Static PE information: section name: .orpc
Source: psuser_64.dll.1.dr, Static PE information: section name: .orpc
Source: psuser_64.dll.1.dr, Static PE information: section name: _RDATA
Source: psuser_arm64.dll.1.dr, Static PE information: section name: .orpc
Source: psmachine.dll.1.dr, Static PE information: section name: .orpc
Source: psmachine_64.dll.1.dr, Static PE information: section name: .orpc
Source: psmachine_64.dll.1.dr, Static PE information: section name: _RDATA
Source: psmachine_arm64.dll.1.dr, Static PE information: section name: .orpc
Source: BraveCrashHandler64.exe.1.dr, Static PE information: section name: _RDATA
Source: BraveUpdateComRegisterShell64.exe.1.dr, Static PE information: section name: _RDATA
Source: brave_installer-x64.exe.12.dr, Static PE information: section name: .retplne
Source: brave_installer-x64.exe0.12.dr, Static PE information: section name: .retplne
Source: BIT6E99.tmp.13.dr, Static PE information: section name: .retplne
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, Code function: 0_2_008A8226 push ecx; ret 0_2_008A8239
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, Code function: 1_2_00ED4346 push ecx; ret 1_2_00ED4359
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe, Code function: 2_2_00814346 push ecx; ret 2_2_00814359
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe, Code function: 14_2_00C7CF36 push ecx; ret 14_2_00C7CF49
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe, Code function: 15_2_02FBEAD8 pushad ; ret 15_2_02FBEAD9
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe, Code function: 15_2_02FBEC0C pushad ; ret 15_2_02FBEC0D
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe, Code function: 27_2_0309ED84 pushad ; ret 27_2_0309EDB5
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe, Code function: 27_2_0309D918 push ecx; ret 27_2_0309D919
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe, Code function: 27_2_0309CB1F pushfd ; retf 27_2_0309CB25
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe, Code function: 27_2_0309EDBA pushad ; ret 27_2_0309EDB5
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe, Code function: 27_2_0309DED8 push ecx; ret 27_2_0309DED9
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe, Code function: 27_2_0309D060 push ecx; ret 27_2_0309D061
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe, Code function: 35_2_02D2EC4C pushad ; ret 35_2_02D2EC4D
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe, Code function: 35_2_02D2C113 push eax; ret 35_2_02D2C121
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe, Code function: 35_2_02D2EB14 push 6002D2EBh; ret 35_2_02D2EB19
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe, Code function: 35_2_02D2C080 pushad ; ret 35_2_02D2C081
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe, Code function: 35_2_02D2CE08 pushfd ; iretd 35_2_02D2CE09
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe, Code function: 42_2_0349F0C4 pushad ; ret 42_2_0349F0C5
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe, Code function: 42_2_0349CA51 pushad ; retf 42_2_0349CA91
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_cs.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_zh-TW.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveCrashHandler.exe
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_is.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_sl.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShellArm64.exe
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ur.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_hu.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ta.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ko.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_sv.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_am.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\psuser_arm64.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\psuser.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdateCore.exe
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateBroker.exe
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdateOnDemand.exe
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_sk.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdateSetup.exe
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\Install\{4F196A2A-B4D3-469B-B59C-F68107B39DD0}\brave_installer-x64.exe
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_zh-CN.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_it.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_tr.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psmachine.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdate.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_hr.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdate.exe
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_en-GB.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_hi.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_nl.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_lv.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ro.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_el.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_en-GB.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ja.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psuser_arm64.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_es.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_mr.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_iw.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_vi.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandlerArm64.exe
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_pl.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\psmachine_64.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_id.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_fi.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdateBroker.exe
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_iw.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_fr.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_te.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psuser.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\psuser_64.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_lt.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ar.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_et.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_da.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ja.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_de.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_uk.dll
Source: C:\Windows\System32\svchost.exe, File created: C:\Users\user\AppData\Local\Temp\BIT6E99.tmp
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_th.dll
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\Download\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\122.1.63.174\brave_installer-x64.exe
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ru.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ms.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_bn.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_tr.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_en.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_gu.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_bg.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_pt-BR.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdate.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_fa.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_sv.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ko.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ca.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ml.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_zh-TW.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_no.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\psmachine_arm64.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ml.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_pt-BR.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_cs.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_sl.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_is.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ur.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_pt-PT.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_fil.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psuser_64.dll
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_es-419.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_kn.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, File created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdateComRegisterShellArm64.exe
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe, File created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_sw.dll
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_sk.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_it.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_hu.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ta.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_hi.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_am.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_hr.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ru.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_vi.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ms.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_es.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_zh-CN.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ro.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveCrashHandler64.exeJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_nl.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_lv.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_sr.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_pl.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_id.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_fi.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_fil.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_es-419.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_et.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psmachine_arm64.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateSetup.exeJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\psmachine.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ar.dllJump to dropped file
Source: C:\Windows\System32\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\{B97133A3-FF2E-401B-99B9-710C46C91FB5}-brave_installer-x64.exe (copy)Jump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveCrashHandlerArm64.exeJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_pt-PT.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_no.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_sr.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_lt.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_mr.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_bg.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_da.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psmachine_64.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_te.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_el.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_de.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_uk.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Update\Install\{4F196A2A-B4D3-469B-B59C-F68107B39DD0}\brave_installer-x64.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\Install\{4F196A2A-B4D3-469B-B59C-F68107B39DD0}\CR_290C8.tmp\setup.exeJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdateComRegisterShell64.exeJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ca.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_fa.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_sw.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_kn.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exeJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_bn.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateCore.exeJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeFile created: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_en.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_th.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_fr.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeFile created: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_gu.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe; Code function: 4_2_00007FF744A044A8 RegOpenKeyExW, RegQueryValueExW, RegCloseKey, GetPrivateProfileIntW, GetPrivateProfileIntW, GetPrivateProfileIntW, GetPrivateProfileIntW, GetPrivateProfileIntW, 4_2_00007FF744A044A8

Boot Survival

Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe; Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe DisableExceptionChainValidation
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe; Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe; Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe; Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files (x86)\BraveSoftware\Update\Install\{4F196A2A-B4D3-469B-B59C-F68107B39DD0}\brave_installer-x64.exe; Evasive API call chain: GetVolumeInformation,DecisionNodes,ExitProcess
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe; Check user administrative privileges: IsUserAndAdmin, DecisionNodegraph_0-13326
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_cs.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_zh-TW.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveCrashHandler.exeJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_is.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShellArm64.exeJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_sl.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ur.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ta.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_hu.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ko.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_sv.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_am.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\psuser_arm64.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\psuser.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdateCore.exeJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateBroker.exeJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_sk.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_zh-CN.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_it.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_tr.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psmachine.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdate.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_hr.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_en-GB.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_hi.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_nl.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_lv.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ro.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_en-GB.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_el.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ja.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psuser_arm64.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_mr.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_iw.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_vi.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandlerArm64.exeJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_pl.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\psmachine_64.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_fi.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_id.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdateBroker.exeJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_iw.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_fr.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psuser.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_te.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\psuser_64.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_lt.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_et.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ar.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_da.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ja.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_de.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_uk.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_th.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ru.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ms.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_bn.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_tr.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_en.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_gu.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_bg.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_pt-BR.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdate.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_fa.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_sv.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ko.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ca.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ml.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_no.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_zh-TW.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\psmachine_arm64.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_pt-BR.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ml.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_sl.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_cs.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_is.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ur.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_pt-PT.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psuser_64.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_fil.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_es-419.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_kn.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_sw.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdateComRegisterShellArm64.exeJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_sk.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_it.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_hu.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ta.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_hi.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_am.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ru.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_hr.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_vi.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ms.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_zh-CN.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ro.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_lv.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveCrashHandler64.exeJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_nl.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_sr.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_pl.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_id.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_fi.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_fil.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_es-419.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_et.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psmachine_arm64.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ar.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\psmachine.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveCrashHandlerArm64.exeJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_pt-PT.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_no.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_sr.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_lt.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_bg.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_mr.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_da.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler.exeJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\psmachine_64.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_el.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_te.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_de.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_uk.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Update\Install\{4F196A2A-B4D3-469B-B59C-F68107B39DD0}\brave_installer-x64.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\Install\{4F196A2A-B4D3-469B-B59C-F68107B39DD0}\CR_290C8.tmp\setup.exeJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_fa.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_ca.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_sw.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_kn.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveCrashHandler64.exeJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_bn.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\goopdateres_en.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateCore.exeJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_th.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_fr.dllJump to dropped file
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeDropped PE file which has not been started: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_gu.dllJump to dropped file
Source: C:\Program Files (x86)\BraveSoftware\Update\Install\{4F196A2A-B4D3-469B-B59C-F68107B39DD0}\brave_installer-x64.exeEvasive API call chain: RegOpenKey,DecisionNodes,ExitProcess
Source: C:\Program Files (x86)\BraveSoftware\Update\Install\{4F196A2A-B4D3-469B-B59C-F68107B39DD0}\brave_installer-x64.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Program Files (x86)\BraveSoftware\Update\Install\{4F196A2A-B4D3-469B-B59C-F68107B39DD0}\brave_installer-x64.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe TID: 6456Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe TID: 6236Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 5572Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeCode function: 1_2_00ECD9B3 FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00ECD9B3
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeCode function: 2_2_0080D9B3 FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_0080D9B3
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeCode function: 4_2_00007FF744A11D68 FindFirstFileExW,4_2_00007FF744A11D68
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeCode function: 14_2_00C76405 FindFirstFileExW,14_2_00C76405
Source: BraveUpdate.exe, 0000000C.00000002.2429876705.0000000000C22000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWY
Source: BraveUpdate.exe, 0000000A.00000003.1700214205.0000000000CB2000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000A.00000002.1701523617.0000000000CB2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWn&
Source: BraveUpdate.exe, 0000000A.00000003.1700457279.0000000000C80000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000A.00000002.1701523617.0000000000C83000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
Source: BraveUpdate.exe, 00000001.00000003.2386088743.0000000001518000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: BraveUpdate.exe, 0000000A.00000003.1700214205.0000000000CB2000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000A.00000002.1701523617.0000000000CB2000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000003.2391943490.0000000000C9D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000003.2391943490.0000000000C6C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000002.2431790390.0000000000C6C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000003.2423948402.0000000000C9D000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000003.2423831195.0000000000C6C000.00000004.00000020.00020000.00000000.sdmp, BraveUpdate.exe, 0000000C.00000002.2432251872.0000000000C9D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.2887265325.0000026B64E58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.2887173799.0000026B64E42000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: ie_to_edge_stub.exe, 00000013.00000002.1787186555.0000022CD6445000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: iexplore.exe, 00000010.00000002.2886837892.000002CCE6BB0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: BraveUpdate.exe, 00000001.00000003.2386088743.0000000001518000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!e
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeProcess information queried: ProcessInformation
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_0089DA04 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0089DA04
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeCode function: 4_2_00007FF744A04CE8 InitializeCriticalSectionAndSpinCount,GetLastError,IsDebuggerPresent,OutputDebugStringW,4_2_00007FF744A04CE8
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeCode function: 4_2_00007FF744A03A10 LoadLibraryW,GetProcAddress,FreeLibrary,4_2_00007FF744A03A10
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_0089A026 mov ecx, dword ptr fs:[00000030h]0_2_0089A026
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_0089F38C mov eax, dword ptr fs:[00000030h]0_2_0089F38C
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeCode function: 1_2_00ECBEF8 mov ecx, dword ptr fs:[00000030h]1_2_00ECBEF8
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeCode function: 1_2_00ECD6A1 mov eax, dword ptr fs:[00000030h]1_2_00ECD6A1
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeCode function: 2_2_0080D6A1 mov eax, dword ptr fs:[00000030h]2_2_0080D6A1
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeCode function: 2_2_0080BEF8 mov ecx, dword ptr fs:[00000030h]2_2_0080BEF8
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeCode function: 14_2_00C74C52 mov ecx, dword ptr fs:[00000030h]14_2_00C74C52
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeCode function: 14_2_00C7726A mov eax, dword ptr fs:[00000030h]14_2_00C7726A
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_008911D5 GetProcessHeap,__Init_thread_footer,__Init_thread_footer,0_2_008911D5
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_00897190 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00897190
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_0089DA04 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0089DA04
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_00896D06 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00896D06
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_00896E9A SetUnhandledExceptionFilter,0_2_00896E9A
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeCode function: 1_2_00ECB83E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00ECB83E
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeCode function: 1_2_00EC7D47 SetUnhandledExceptionFilter,1_2_00EC7D47
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeCode function: 1_2_00EC7A8E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00EC7A8E
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeCode function: 1_2_00EC7BB0 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00EC7BB0
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeCode function: 2_2_0080B83E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_0080B83E
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeCode function: 2_2_00807D47 SetUnhandledExceptionFilter,2_2_00807D47
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeCode function: 2_2_00807A8E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00807A8E
Source: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exeCode function: 2_2_00807BB0 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00807BB0
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeCode function: 4_2_00007FF744A055DC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00007FF744A055DC
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeCode function: 4_2_00007FF744A05994 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF744A05994
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeCode function: 4_2_00007FF744A05B78 SetUnhandledExceptionFilter,4_2_00007FF744A05B78
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exeCode function: 4_2_00007FF744A0B4C8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF744A0B4C8
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeCode function: 14_2_00C71850 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00C71850
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeCode function: 14_2_00C719E4 SetUnhandledExceptionFilter,14_2_00C719E4
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeCode function: 14_2_00C75D94 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00C75D94
Source: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exeCode function: 14_2_00C71AF5 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_00C71AF5

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\svchost.exeFile created: BIT6E99.tmp.13.dr
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeSection loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonly
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{56398D92-CFA9-462D-88F8-E214E10A2DA1}
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=20440
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe "c:\program files (x86)\bravesoftware\update\braveupdate.exe" /ping pd94bwwgdmvyc2lvbj0ims4wiiblbmnvzgluzz0ivvrgltgipz48cmvxdwvzdcbwcm90b2nvbd0imy4wiib1cgrhdgvypsjpbwfoysigdxbkyxrlcnzlcnnpb249ijeumy4znjeumtq1iibzagvsbf92zxjzaw9upsixljmumzyxlje0nsigaxntywnoaw5lpsixiibzzxnzaw9uawq9ins1njm5oeq5mi1drke5ltq2mkqtodhgoc1fmje0rtewqtjeqtf9iibpbnn0ywxsc291cmnlpsj0ywdnzwrtasigdgvzdhnvdxjjzt0iyxv0byigcmvxdwvzdglkpsj7qkfcqui0mkytnum4ns00qurflujcnzktrtdcn0y4neqxqzjcfsigzgvkdxa9imnyiibkb21haw5qb2luzwq9ijaipjxodybwahlzbwvtb3j5psi4iibzc2u9ijeiihnzzti9ijeiihnzztm9ijeiihnzc2uzpsixiibzc2u0mt0imsigc3nlndi9ijeiigf2ed0imsivpjxvcybwbgf0zm9ybt0id2luiib2zxjzaw9upsixmc4wlje5mdq1ljiwmdyiihnwpsiiigfyy2g9ing2ncivpjxhchagyxbwawq9intcmtmxqzkzns05qku2ltqxreetotu5os0xrjc3nkjfqjgwmtl9iib2zxjzaw9upsiiig5lehr2zxjzaw9upsixljmumzyxlje0nsigbgfuzz0iiibicmfuzd0iiibjbgllbnq9iii-pgv2zw50igv2zw50dhlwzt0imiigzxzlbnryzxn1bhq9ijeiigvycm9yy29kzt0imcigzxh0cmfjb2rlmt0imcigaw5zdgfsbf90aw1lx21zpsizntq3ii8-pc9hcha-pc9yzxf1zxn0pg
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeProcess created: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe c:\program files (x86)\bravesoftware\update\braveupdate.exe" /handoff "appguid={afe6a462-c574-4b8a-af43-4cc60df4563b}&appname=brave-release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{56398d92-cfa9-462d-88f8-e214e10a2da1}
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_00896FA5 cpuid 0_2_00896FA5
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exeCode function: 0_2_00896BF6 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00896BF6
Source: C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exeRegistry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe DisableExceptionChainValidation
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 14 Command and Scripting Interpreter | 1 Scheduled Task/Job | 111 Process Injection | 12 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 11 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 2 Virtualization/Sandbox Evasion | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 2 Clipboard Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 231 Native API | 1 DLL Side-Loading | 11 Registry Run Keys / Startup Folder | 1 Disable or Modify Tools | Security Account Manager | 41 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 11 Exploitation for Client Execution | 1 Image File Execution Options Injection | 1 DLL Side-Loading | 111 Process Injection | NTDS | 2 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Image File Execution Options Injection | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 Account Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 2 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem133
System Information Discovery
Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
[Behavior graph: ID 1410747, Sample: BraveBrowserSetup-BRV010.exe, Start date: 18/03/2024, Architecture: WINDOWS, Score: 51]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| BraveBrowserSetup-BRV010.exe | 0% | Virustotal | | Browse |
| BraveBrowserSetup-BRV010.exe | 3% | ReversingLabs | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveCrashHandler.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveCrashHandler64.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveCrashHandlerArm64.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdateBroker.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdateComRegisterShell64.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdateComRegisterShellArm64.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdateCore.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdateOnDemand.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdateSetup.exe | 3% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdate.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_am.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ar.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_bg.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_bn.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ca.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_cs.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_da.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_de.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_el.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_en-GB.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_en.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_es-419.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_es.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_et.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_fa.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_fi.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_fil.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_fr.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_gu.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_hi.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_hr.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_hu.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_id.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_is.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_it.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_iw.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ja.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_kn.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ko.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_lt.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_lv.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ml.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_mr.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ms.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_nl.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_no.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_pl.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_pt-BR.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_pt-PT.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ro.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ru.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_sk.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_sl.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_sr.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_sv.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_sw.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ta.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_te.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_th.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_tr.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_uk.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_ur.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_vi.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_zh-CN.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\goopdateres_zh-TW.dll | 0% | ReversingLabs | | |
No Antivirus matches
No contacted domains info
                                      high
                                      http://search.ebay.com/favicon.icoQiexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpfalse
                                        high
                                        http://search.hanafos.com/favicon.icoiexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.yam.com/favicon.icoSiexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                          high
                                          http://cgi.search.biglobe.ne.jp/favicon.icoiexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886516745.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • 0%, Virustotal, Browse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://img.shopzilla.com/shopzilla/shopzilla.ico:iexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmpfalse
                                            high
                                            http://crl.ver)svchost.exe, 0000000D.00000002.2887025752.0000026B64E00000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            low
                                            http://search.msn.co.jp/results.aspx?q=iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • 0%, Virustotal, Browse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://buscar.ozu.es/iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • 0%, Virustotal, Browse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://www.msn.com/favicon.icokiexplore.exe, 00000010.00000002.2882084941.000000D7BFEF7000.00000004.00000010.00020000.00000000.sdmpfalse
                                              high
                                              http://www.ask.com/iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886516745.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                high
                                                http://search.live.com/results.aspx?FORM=SOLTDF&q=iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886606067.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52A6000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  high
                                                  https://www.msn.com/favicon.icod=iehppiexplore.exe, 00000010.00000002.2889214539.000002CCE8A53000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    http://www.google.it/iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      http://search.auction.co.kr/iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • 0%, Virustotal, Browse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://search-dyn.tiscali.it/Hiexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        http://search.cn.yahoo.com/viexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          http://search.ebay.com/favicon.icooiexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            http://sads.myspace.com/iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              http://search.ebay.com/favicon.icoriexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                http://list.taobao.com/browse/search_visual.htm?n=15&q=iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://www.pchome.com.tw/favicon.icoiexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886516745.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • 0%, Virustotal, Browse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://www.msn.com/favicon.icod=iehpXiexplore.exe, 00000010.00000002.2889214539.000002CCE8996000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://browse.guardian.co.uk/favicon.icoiexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886516745.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • 0%, Virustotal, Browse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://chrome.google.com/webstore/manifest.json.22.drfalse
                                                                      high
                                                                      http://google.pchome.com.tw/iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • 0%, Virustotal, Browse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://www.rambler.ru/favicon.icoiexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://www.rakuten.co.jp/favicon.icooiexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886516745.000002CCE529B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          http://uk.search.yahoo.com/iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://www.ozu.es/favicon.icoiexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • 0%, Virustotal, Browse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://espn.go.com/favicon.icoViexplore.exe, 00000010.00000003.1845484904.000002CCE528F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886393600.000002CCE5290000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://search.sify.com/iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://openimage.interpark.com/interpark.icoiexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://search.yahoo.co.jp/favicon.icoiexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886516745.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • 0%, Virustotal, Browse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://www.gmarket.co.kr/iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52A6000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • 0%, Virustotal, Browse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://www.nate.com/favicon.icofiexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845957927.000002CCE52C4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://search.nifty.com/iexplore.exe, 00000010.00000003.1844916552.000002CCE52AC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845916022.000002CCE52BD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845319685.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845527483.000002CCE52B3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886647025.000002CCE52C2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845753884.000002CCE52B8000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://www.univision.com/favicon.icoWiexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886516745.000002CCE529B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://www.google.si/iexplore.exe, 00000010.00000003.1845622990.000002CCE529B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845443326.000002CCE529A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845086405.000002CCE5297000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1845891167.000002CCE529D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000002.2886557863.000002CCE529E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000010.00000003.1846083106.000002CCE4D79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
IP / Domain / Country / Flag / ASN / ASN Name / Malicious
                                                                                                                                  IP
                                                                                                                                  127.0.0.1
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1410747
Start date and time: 2024-03-18 10:13:10 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 8s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 50
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: BraveBrowserSetup-BRV010.exe
Detection: MAL
Classification: mal51.evad.winEXE@106/572@0/35
EGA Information:
• Successful, ratio: 60%
HCA Information:
• Successful, ratio: 94%
• Number of executed functions: 75
• Number of non-executed functions: 113
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe
• Execution Graph export aborted for target BraveUpdate.exe, PID 5852 because there are no executed functions
• Execution Graph export aborted for target BraveUpdate.exe, PID 8356 because there are no executed functions
• Execution Graph export aborted for target BraveUpdate.exe, PID 8580 because there are no executed functions
• Execution Graph export aborted for target BraveUpdate.exe, PID 9004 because there are no executed functions
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtDeleteKey calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Report size getting too big, too many NtSetValueKey calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Skipping network analysis since amount of network traffic is too extensive
Time | Type | Description
09:14:02 | Task Scheduler | Run new task: BraveSoftwareUpdateTaskMachineCore{032B104F-D757-474D-8977-770E8533AF26} path: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe s>/c
09:14:02 | Task Scheduler | Run new task: BraveSoftwareUpdateTaskMachineUA{6BA0E23C-D373-4FA2-909C-9C865A1C02FD} path: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe s>/ua /installsource scheduler
09:14:36 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
09:14:45 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
09:15:10 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run BraveVpnWireguardService "C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.174\BraveVpnWireguardService\brave_vpn_wireguard_service.exe" --interactive
10:14:04 | API Interceptor | 2x Sleep call for process: BraveUpdate.exe modified
10:14:04 | API Interceptor | 2x Sleep call for process: svchost.exe modified
                                                                                                                                                                          • 23.41.168.93
                                                                                                                                                                          P0nYO8Pr3n.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                          • 64.124.76.140
                                                                                                                                                                          n5vjWNCONy.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                          • 199.119.163.179
                                                                                                                                                                          MICROSOFT-CORP-MSN-AS-BLOCKUSACH-7830-15March.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                          • 13.107.246.40
                                                                                                                                                                          https://www.cognitoforms.com/Edisoncslhotmailcom/SignIn?entry=%7B%22Email%22:%22mickey.mouse@microsoft.com%22%7DGet hashmaliciousUnknownBrowse
                                                                                                                                                                          • 13.107.246.40
                                                                                                                                                                          KtvCSGVXFf.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                          • 147.243.118.167
                                                                                                                                                                          ACH-8528-15March.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                          • 13.107.246.40
                                                                                                                                                                          ACH-9914-15March.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                          • 13.107.213.40
                                                                                                                                                                          ry3HbSIIPt.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                          • 52.136.9.85
                                                                                                                                                                          ACH-9528-15March.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                          • 13.107.246.40
                                                                                                                                                                          XdH8FFhMcG.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                          • 20.114.7.134
                                                                                                                                                                          PPIQY37OuD.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                          • 51.106.42.105
                                                                                                                                                                          4M8Yu1QU0d.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                          • 52.96.169.61
                                                                                                                                                                          No context
                                                                                                                                                                          No context
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):302912
                                                                                                                                                                          Entropy (8bit):6.698956223631608
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:vwZfu+xXz86yji7+7tzuk3vbOtQtAO4D5eUdRx+Euqu7:GfuKXznyjiC75uk3CQtWD5Xx+ERu7
                                                                                                                                                                          MD5:565DAF0070618C3BBB1D486B0D5A70FA
                                                                                                                                                                          SHA1:3DF3AE144DB804EAF83BC0B89ED847380D476078
                                                                                                                                                                          SHA-256:03E2EA9C1BE863F1BD007AE03C06BF3187751A00ED0CF7C4DEB3750951E5B960
                                                                                                                                                                          SHA-512:DED5E2D3D3CA1198A576A0947127F584156919CAE2D67A688B90EBAF11C2AD8E2C50A494052245DB8A2423F90F037886A70AE2AE42EAF3122E1B1E53699FA176
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):397632
                                                                                                                                                                          Entropy (8bit):6.440229620666291
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:/+n1e0P+GDRxRwwbClZ+jam+oAI5BciIx+U:/+n1e02axRJam+S5upxn
                                                                                                                                                                          MD5:22DB9D0D4FEC050C0420274D3073994B
                                                                                                                                                                          SHA1:46FAC4589B3FCEDA6076A36CC3D3E422C05FCCDE
                                                                                                                                                                          SHA-256:00FF35AA88B2E1C9C271365A93B019CDD3A4ACA593642712B694628D45A12C8C
                                                                                                                                                                          SHA-512:C22C6656073B7EC51390D900ED40C6AACB0BB19134BD210E17E1D7A2C27069A33CAABC7AF76D50DEE6BF73EBA982F31DB8AE0509CA5690D2E4A07E675C471D1C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) Aarch64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):372032
                                                                                                                                                                          Entropy (8bit):6.290860581824482
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:KfMOKV6tGrZeRIigzy/zIdNyPKxtJiD6eJj3tXPPx0t1Nosmj1c5e7QTQx+4:atAZNzif5fsm25t8x+4
                                                                                                                                                                          MD5:C8208EF35D885AF836E6740CB411BDB7
                                                                                                                                                                          SHA1:82CD43B3E74C519AB6AB9E2495C0E217F61D246A
                                                                                                                                                                          SHA-256:780FEDCD87E2AFC1A64EA295EA1A940EA69F74B43C625B6C85C0EECFD4142472
                                                                                                                                                                          SHA-512:010DD5C202E313D53DCCF86964A86D5981723A28BFD64B78752FD135DEB90763A93E04A9373136DDDB19EB6109AA540EF4E30F826DF7C02EC735A65676673A88
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):175424
                                                                                                                                                                          Entropy (8bit):6.036513000632513
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:cQPidj5By4/EeaZL8Z0BFri9WSfWJVVqH9B+bCe5kNtupnu0D6EDpf34fdjdEcRh:heaCSgfuqdB+i48
                                                                                                                                                                          MD5:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                          SHA1:184A42476F12A89731F608C7198E47BFC35A8364
                                                                                                                                                                          SHA-256:633B554A26AD05C06DFE33A50F6D69E9160207F3168E15FFD3CB5652B1E8E9D4
                                                                                                                                                                          SHA-512:DDB593D8A6BC515DCA7A4EADB2F50C28C8E61E9A829186BE9B9E8B19371E969FE055104DEFFD8CD5CD9B48F2468EC8B3D7BF6AEE45079E445D3FE42696E2D5A2
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):116032
                                                                                                                                                                          Entropy (8bit):6.62560704966013
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:oHsWPr3K6NL3FBqrx0LHu9eU53kB+XmkM/UTmG:usWG6l/q33kB+5M/BG
                                                                                                                                                                          MD5:612BFE378FBE209AC8584AE27640A97A
                                                                                                                                                                          SHA1:235AEA9A968A37CFCC8FD2C25C167EE3F8091607
                                                                                                                                                                          SHA-256:CA510F6779F14699708EA640175D8CEF89388D07BE2435D22775FC078C483E0D
                                                                                                                                                                          SHA-512:787A576E993E8D58F96EB2B0428B02AC318EABD249DCAFF26E87E6F01282CB407879D8BF280BC398D90D2EF822FDF4D11371BC732F12D8085C50DAF7F8D97407
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):195392
                                                                                                                                                                          Entropy (8bit):6.420855633369088
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:INA1+FyhLMnQtMIHh1a/r8/kGgTWZi1vnoY46u8sOMRzy+jGre:OAowhLMnQtMIB1a/ospTbohL5y+yK
                                                                                                                                                                          MD5:F2CA542F38E6B51EDB9790369117F54A
                                                                                                                                                                          SHA1:BC2E23A3FE66D39153CE5334F25FB218D9CE4FC0
                                                                                                                                                                          SHA-256:ABDD09D0B7A2718FDA3FED25F0C404F228BABD83AA59148AA40BD0E4E9A937D1
                                                                                                                                                                          SHA-512:07992FDB6B98940D403BE1AE6A7D49706EE198DF3A18771C330CB4703C4C9E83D519B23FE5CB4B1A117E7B70BBED7EB159F962AC1D7F942C8358F8DEA7F770BB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) Aarch64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):154432
                                                                                                                                                                          Entropy (8bit):6.173383322052518
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):224576
                                                                                                                                                                          Entropy (8bit):6.731913745591885
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):116032
                                                                                                                                                                          Entropy (8bit):6.626583684028364
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1446992
                                                                                                                                                                          Entropy (8bit):7.913845028849878
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:modified
                                                                                                                                                                          Size (bytes):26
                                                                                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1116480
                                                                                                                                                                          Entropy (8bit):6.768405587681001
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):53568
                                                                                                                                                                          Entropy (8bit):5.575420072105715
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):52544
                                                                                                                                                                          Entropy (8bit):5.5725435735274305
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55616
                                                                                                                                                                          Entropy (8bit):5.5655586584292065
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:Jq/odckbeGZBOcl8Nyb8E9VF6IYinAM+oP9ax7AIFEIYiF93jjMAM+o/8E9VF0Nm:yoV7DlcEpYinAMxyL1YirjMAMxkE0u
                                                                                                                                                                          MD5:DA09EAA0D93375AFE0709C1809C14939
                                                                                                                                                                          SHA1:9FD4700E02BFBB7E4C890CDD59F0620FB0F9FE17
                                                                                                                                                                          SHA-256:0BD086FFED7296FF1FD8228AED8F80B8D9A8E2402AB974A9258A86887347E502
                                                                                                                                                                          SHA-512:392C0DEE8ED74DC12978E29F5777BF5D3E93BB0F839C156951F34EAA9A72AC9F4E132A99344D9EACCD5D98AB12CC7EA5F95DC1D503B6C6CB1F4086380AAC3A96
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55616
                                                                                                                                                                          Entropy (8bit):5.623684706857659
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:JcKhvUx7tYF7qKF0FrHF6zjbmBwgNyb8E9VF6IYinAM+oP9ndzZIYiF9wQAM+o/i:xhrlF0FrF3BwYEpYinAMxaYi1AMxkEI7
                                                                                                                                                                          MD5:28C55146F4311953E1CF7E468C8DC74B
                                                                                                                                                                          SHA1:76442CD814BE3FB21A0E2E8608E564C785548F13
                                                                                                                                                                          SHA-256:32216C7119BE97564830F8CBF4888632E7D1AC5F99AB65DA6C2E6A28D511800E
                                                                                                                                                                          SHA-512:5E13C7820218C29F26C64C12C318E40C11759B37300793F22E08F3D828361CCB1244123610B4AFE3E9E9E454263A862D136A96E4271B51378C50E8D2F8A83D47
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55616
                                                                                                                                                                          Entropy (8bit):5.39160458880719
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:Sv2ArBupGEEpYinAMxVYiDWdSAMxkESKM:Sf397HxV7DWGxuKM
                                                                                                                                                                          MD5:44ADDEF5DF612EF84086876FFA323A76
                                                                                                                                                                          SHA1:CC7639439B15CAF8FC8F9240BEF8B757BB3054A2
                                                                                                                                                                          SHA-256:108525B759F60C5076BACA70474640E1E262BF77FF3F1A1E7822198416084D55
                                                                                                                                                                          SHA-512:7211E8549A4D6A3BD6C425DA1065F8AE0DAEE1C7325D63A8E8535FAD7464A2043CCB5F379310AB4A22C4498728F3317B79F260C097CCC652817FB521D317106F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.442186434885563
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:OUBDBWpaJkhYwA+fwNyb8E9VF6IYinAM+oP9gpY83AIYiF97XAM+o/8E9VF0NyFx:huIEpYinAMxZsYiDAMxkEpb/
                                                                                                                                                                          MD5:68BF6960F7C5BF7AE817EFFC7632C017
                                                                                                                                                                          SHA1:F828B622D95F69222B68BBA9FA9F400672C84569
                                                                                                                                                                          SHA-256:5314C94178A6861A88792F34D924A56B5CC7214CC4351AFCBED536D5C3F13417
                                                                                                                                                                          SHA-512:71C84ED4417ED943EF752CDAC0D9E57FCAFAD80B3B16A2EE515734BF3A12F335FB9E4B0BE86DB1B607CF4E951D4306626C15C166C11579BBD0B866756D0DE53A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.409036773195985
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:O7aUfNnwtpTqPqNyb8E9VF6IYinAM+oP9G5rJXEuIYiF9YabOAM+o/8E9VF0NymB:X8nw/+qEpYinAMxgUjYinaAMxkEm
                                                                                                                                                                          MD5:6ECB0249DA48684622FE633F98F8F530
                                                                                                                                                                          SHA1:1B9990DCCCD813FAC7C5517A03E5C147816E486F
                                                                                                                                                                          SHA-256:0A52E3DC70183D8041683817CC0514004898E87D9C080FB93374E900660BBC0E
                                                                                                                                                                          SHA-512:E48932205ED3362B4C915C572FCAAD012205837F54520F66C33B12F9AB4179E03AEB559C18465E3C419242CF039DA5C0271FD2CBC0031F1E7C7594C71CCB75BB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):56640
                                                                                                                                                                          Entropy (8bit):5.377480288938011
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:XKjmxUM8QtPM0Me6INK/AGNyb8E9VF6IYinAM+oP96jjjIYiF99hJIAM+o/8E9VF:UmXjMePsAOEpYinAMxaMYivuAMxkEhJt
                                                                                                                                                                          MD5:BAEA28AE8DD3E3C70DEBCDF1AE5448B4
                                                                                                                                                                          SHA1:F8F40C17ACE4FBF272618063BC35F2502B00ADC6
                                                                                                                                                                          SHA-256:4C2DA183A792B13077B398085CFF930CBF493B8CBEC50609F2BC6747F0B8092A
                                                                                                                                                                          SHA-512:04DE4F7FA8C4A625724337539EFF093E2371ED417A6363833E7F65CBD14C9A0F64BB17EF1BA4BF51A16D6611E8240E4D2B248E4622BAB462DC331459DF64C851
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):56128
                                                                                                                                                                          Entropy (8bit):5.627688222986176
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:8Zr5lLO+R52/g4EpYinAMxSKYidzAMxkEd:2rl7207Hxt7dzxJ
                                                                                                                                                                          MD5:5FBDD326F7F291BE11E1D79A7B2C8A51
                                                                                                                                                                          SHA1:5701E5D3496F6D2F0C694D317F568A63990C311F
                                                                                                                                                                          SHA-256:1CB97FF90568D81F8CC9E6A2EAFB07EAA276834169365980279403D99756103B
                                                                                                                                                                          SHA-512:01BC099E7C875D6A0473F6FF577F14F3DA3123951596B5651BC757B6A2C10F293078452BB42A87084C3B862D4A0CD56129670234D2E9518E76379C534B534AAB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):53568
                                                                                                                                                                          Entropy (8bit):5.419932966591344
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:Xy1/Nagyh6QuZNyb8E9VF6IYinAM+oP9p91J3ZIYiF9fAKAM+o/8E9VF0NyUNk:uNagyhi9EpYinAMxVGYiQKAMxkEYk
                                                                                                                                                                          MD5:4396E672BC6FB86EDB0C6889D12CE082
                                                                                                                                                                          SHA1:C92279D00DBC2DC0EA13E3A8896EDA76A359723D
                                                                                                                                                                          SHA-256:F35E94567279C322EC1D4BB99EAA1327FCAA1F06F4BD9D1CEF8C897FD8BDA8C3
                                                                                                                                                                          SHA-512:45F40EACE1C0398EBCA42EFF48DE6208BC87147837459AEE6D882CD017A9069CAD2EBEFE8B1EF0D27F36981DDD963416F0B7B5A26AF98A84B6CB64666638D0D3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54080
                                                                                                                                                                          Entropy (8bit):5.398655575356968
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:8VgzagyWk9RUNyb8E9VF6IYinAM+oP9BCDvCIYiF9L3qc2AM+o/8E9VF0NyQr:NzagyW4UEpYinAMxmYiOBAMxkE2
                                                                                                                                                                          MD5:364F97EE7B79DEB51DCC8F5EC4A0EE7C
                                                                                                                                                                          SHA1:EC4CACCAA57714FA8B9869315B6B13C530587E2D
                                                                                                                                                                          SHA-256:DE1E4766E0A2C188604AB2927025E1F5B05CEBF7E7B20E8342B4206686A7EB96
                                                                                                                                                                          SHA-512:43894949B412A8ECA8032F68DAC6C9208D9297B8C0353B9BBACEFE13343BB94343569F4CBEE1AC2B90971C8E2CC81408C55FC57DFEB94A6297D28CBB43E4D1E6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55104
                                                                                                                                                                          Entropy (8bit):5.391103646647603
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:8Uil+fs4INyb8E9VF6IYinAM+oP94Y6uFkJIYiF9EW4EVdAM+o/8E9VF0NybJ9:Il+fs4gEpYinAMxnZYiWELAMxkED9
                                                                                                                                                                          MD5:C2E2C6690755507979F570CA3E92E903
                                                                                                                                                                          SHA1:F82052FC3D2C97C18CCAE91CB64C91F02DC09AC5
                                                                                                                                                                          SHA-256:FD60F26D62F58D1AA41D11A8AD3086E2A0D92EF22AC766F606AEB2BCC3B217EB
                                                                                                                                                                          SHA-512:319A6418576BE4274269F533A5CEF62F9020B606494F3C7A5B299957931B919A86507F7888EAB5C6BB952BC65DAF76AE89439E72778BF97F77B30B520E904148
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):56640
                                                                                                                                                                          Entropy (8bit):5.365606356097874
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:86qBkNzf1FNyb8E9VF6IYinAM+oP9FVIrIlppcIYiF9kSx6AM+o/8E9VF0Nyueu:KBkNj1BEpYinAMxI2Yi1oAMxkEq
                                                                                                                                                                          MD5:91C76FBA7736D06307708EE572CB9ED4
                                                                                                                                                                          SHA1:64764FCB44F18104E7554D8091BD0C7EDAA9D1A9
                                                                                                                                                                          SHA-256:D62078627149F4B5B90EE68B56C640CE120519F2F0438FC136AF225510CBD343
                                                                                                                                                                          SHA-512:F789D42681BDCEE52CFD342F019A16396DAE0E3F8C929A1A004E1F9F960EC94BE72B40E8D22A0DFEDA1F743564568F457EA64A6C6E5074F323C4655964402097
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54080
                                                                                                                                                                          Entropy (8bit):5.407227689072818
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:VYBW7bDFbDZETJ9TSQMNyb8E9VF6IYinAM+oP9I6UwqLYcIYiF9sx5q7AM+o/8Eg:Sm96nHMEpYinAMxTYiOYAMxkEg
                                                                                                                                                                          MD5:9599F4AEE019804B418245C5A86881C7
                                                                                                                                                                          SHA1:517D4DDD90361B89359BCCC174D9A6ECDA391426
                                                                                                                                                                          SHA-256:3023BFEDCD84AC065A38C4C6C983CCFAA0B3D5C02A610C6CA2EA00FD5545DABB
                                                                                                                                                                          SHA-512:613C6F11D11D84C1208B1CD7BDF030C3D2F5B90BC4D134C6E0584121B688AD14B01CE38C56501898962F5C859A8AF54248E86F510C20F3F7E0415163FFF95F14
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):53568
                                                                                                                                                                          Entropy (8bit):5.562768970202109
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:VCYQOZMK9Y5fNyb8E9VF6IYinAM+oP9eLcfiPdwFIYiF9EbrJAM+o/8E9VF0NyXe:c1VBjEpYinAMxMcqPVYicxAMxkEg
                                                                                                                                                                          MD5:A09A6C8DC7CEFC6CB126939947884678
                                                                                                                                                                          SHA1:16F90FF84A3CD8C98304459007C7D05A98D05CC0
                                                                                                                                                                          SHA-256:C5CFADFE624A0B92B45B121DC30D06D89150BDB03FD45B4FB7B4534BBC7EB40E
                                                                                                                                                                          SHA-512:AF6F3BE99AEA54D26E933C98695644596D814E4E8B880E5CE081093A474FB8DF973853DE5220E498ADC84FF752CFD1CA4165771F04048CA9ED7CB6C179050798
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.408662294317196
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:V1HzPEzPhXY7RzYd99hKh1GAsNyb8E9VF6IYinAM+oP9BSzehCaIYiF9ca8lAM+c:PzPEVmKgsEpYinAMxqzTYin8lAMxkEsI
                                                                                                                                                                          MD5:1DFC8B3110BA27F76C5C6495533AF538
                                                                                                                                                                          SHA1:DD60677F7AED0FBC06877333136562EDAF0BAECA
                                                                                                                                                                          SHA-256:60A159777971A84302E150866CAE1339ADC04939BF12B7B2367243361499BBF9
                                                                                                                                                                          SHA-512:37674C26A179B839239337219EAF8F78AEAC10425DE5E7CC5A91B140B816410EEC5C4DE84E7BE825BA4CED3AA41F1B421B1902D26C5A9384C725C5682017ED72
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55616
                                                                                                                                                                          Entropy (8bit):5.386310916321289
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:D7U9w+B3RVawWrEpYinAMxmR7zYiyOAMxkE8e7:D6w+B3RVawf7HxMf7y8xN
                                                                                                                                                                          MD5:20152624A1FF01D9F2BAC28D7B00CCA9
                                                                                                                                                                          SHA1:A320967BEE24E07725E3AC2DC2F66F264F1B9221
                                                                                                                                                                          SHA-256:80063F2CA78C9C757FB06B36F24F0347992DD75D300C4FB4A0DAA90D31B83A2D
                                                                                                                                                                          SHA-512:A9334CC7D97A212F816EEAC0EBE8D6A5CC4B83C72DC10C34682AE504EA9690C077A84246DBA1462E991C609431CC93B085ADC14DAE28D468B537305161D56EF7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):56128
                                                                                                                                                                          Entropy (8bit):5.3857985161200785
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:qqov98EoycpW4xUNyb8E9VF6IYinAM+oP9HaOp/IYiF91ihkAM+o/8E9VF0Ny3j+:OvaycNUEpYinAMxoMAYiAhkAMxkEt+
                                                                                                                                                                          MD5:7704C15C3F3F312CAF2849DC2EAB0E78
                                                                                                                                                                          SHA1:E3C673D407464CCB1E2DF5FC357D814C61213F7B
                                                                                                                                                                          SHA-256:FE634E2F6C7AD7BAD17BD0A956B612BB14A9064B98CF5B5E013E08AC19204744
                                                                                                                                                                          SHA-512:704A7541B55962E0DB1BF9388DA3F8A2AE1AE284AA60409D5FBC30F9BE275658D10C2DBFA80DED9F12632DA0F4F076925B5658B4F16EEEDD5320AFEADDEDCE85
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):56128
                                                                                                                                                                          Entropy (8bit):5.61051850410968
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:q6qm3UbeAV4DnYCRfwmkIPNyb8E9VF6IYinAM+oP9iCpiA4RpIQnBIYiF9jdiAM+:EUUbe7hbzEpYinAMx07nWYi0AMxkEoem
                                                                                                                                                                          MD5:41B7CEF8A631E5F9FF1B54F6B0CE13E7
                                                                                                                                                                          SHA1:8B695116808D99DE0B49EB54FF8AFA9A6E81368B
                                                                                                                                                                          SHA-256:3B5FFC2C6DCE2BE431CF686FCD2D2CD39FF003D42AFC27887CB128B34CBEE354
                                                                                                                                                                          SHA-512:15E72B1B3FDEB5A7AC2C4AB044224D25521A820AE62C725ECCAF6E3E2C1CDB24F9EAFB3AA12E1C1ADB042E762D49E0FE6A3B81280D1E5346BCDBDFFB8712B6FB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.584260993420684
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:j4x6AN6AQqjexbyqKXhHqC1EpYinAMxlcYiXl2AMxkEb:j4xXc7Hxlc7VExH
                                                                                                                                                                          MD5:5EAF10368F71EF58845D728B1C35DEDA
                                                                                                                                                                          SHA1:1D525E25F5B1B2546285B0BCD18BE0D2F81F17A5
                                                                                                                                                                          SHA-256:E9FBEA12B32D02160D14370501A622C032114C592EF7C5BF94EB620283FCB6D7
                                                                                                                                                                          SHA-512:94B31603651BC5A3BB51E44E07AF1BBDB4B6D9EAF5B0AE7584525155224F23F653AFEA2DDA885620C6362D8CEE6189C5B6C86C2D76E2CDB541415A604A4B1FE3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55104
                                                                                                                                                                          Entropy (8bit):5.402610840778619
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:TsfBpdOXz19szMH5KBL/yNyb8E9VF6IYinAM+oP9I2ZlxEIYiF9GTJAM+o/8E9Vz:GBK5oL/SEpYinAMxPYiSJAMxkEn
                                                                                                                                                                          MD5:615FEEC50393BF657E7B84A864D534A7
                                                                                                                                                                          SHA1:0D3807C4E28D0121C43B3A910BD4538DEEC70B5E
                                                                                                                                                                          SHA-256:6EB847167FF384D1D30B6D16939980DC89D95547A18CBA91136CE66CEF6C06B7
                                                                                                                                                                          SHA-512:76FEF42FD098DAEAC39B495C5AF7E71784204936D4D75483BB49678C3995C7FE0FC3B75F5D2E034FB974AFCFE45FA4158801C92F0A55441C5E8CD34647142AFA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55104
                                                                                                                                                                          Entropy (8bit):5.425116799449756
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:Q17U791C2TzpwGFTbZY6d1lBVZ5qAy3FGd7HxQ74xXa:Q17U791C2TzpwGFTbZpd1lBVZMAy3FG2
                                                                                                                                                                          MD5:E200F70987E56CBDFF8C6A587A02705F
                                                                                                                                                                          SHA1:8C135AD82792C337445DAB4677B654C7390BF36F
                                                                                                                                                                          SHA-256:B285107D2D2F2D64F2F060CF57E29B08C5DD9498CE8CEF83ED7C30032CE4625F
                                                                                                                                                                          SHA-512:81163C216A1D4FB7B328D4982F4A251601242320EB413B88F423CB133526484667328716D368DAC110E6E2E4715814A8A1A85BF56A81C42DC8E48049DECDC767
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54080
                                                                                                                                                                          Entropy (8bit):5.402370571282084
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:TxFmhL3THRNkAHqQ3lFRf2I9ByrUvNyb8E9VF6IYinAM+oP9Lfu7byIkdIYiF9X0:WXhR5TEpYinAMx8oKYitAMxkEc5
                                                                                                                                                                          MD5:16C771FF09E9BCFE7FD617C0F5D489AA
                                                                                                                                                                          SHA1:55AC69B62DD357DE4884A95F95786AF979F2CFE2
                                                                                                                                                                          SHA-256:6F747BB6BCF0491A3B7F2F04B802C41BD895A01D94F11E7E5B6721B17DEE26F7
                                                                                                                                                                          SHA-512:D85B041F62241EC6F4685372895200FECCC1F277F1E0D4A5015AD79CEA12FD19BB4B864EF871A4F6D7B4C0D887F4F92FAB74BFDFA7940B07866B063464749C4F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54080
                                                                                                                                                                          Entropy (8bit):5.42997837750232
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:gJqibAIErkUVQF5UefV3BEpYinAMxxYiPAMxkEA:gJqibAIErkUVurfVa7Hxx7Px0
                                                                                                                                                                          MD5:1844776B1E873892CB6D453EBCA334A2
                                                                                                                                                                          SHA1:6F36F4BF2CE6D286C0E1E59041EE506BBB96ED7D
                                                                                                                                                                          SHA-256:98E823748DC2E72B8B5A46827D501E12C9C48E209643F2DD6B4B8D333501DF8E
                                                                                                                                                                          SHA-512:8C48EB7CC40EF6798C9789A9B860BCF508D3740E948FE64E1197A422CFD240A6430FC36B5AFC23A5C1CA73FB155003B22A57AECEB207741BC9EBCAA947A411B6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):56128
                                                                                                                                                                          Entropy (8bit):5.3695383590059125
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:4SIlDIN+shh3+Nyb8E9VF6IYinAM+oP9BNgIYiF9zMAM+o/8E9VF0NytlR:UVIN+q3GEpYinAMxPYiIAMxkEP
                                                                                                                                                                          MD5:E7A5254E3C732ED21F756B90EE6C73B3
                                                                                                                                                                          SHA1:EE2C5D342E51BE27750F5C855A9437B6BF3FEB86
                                                                                                                                                                          SHA-256:9342ACA1761B4F81F8771F19CB4A1ABD77F392194D32758FF42B98F8AA3D6CB5
                                                                                                                                                                          SHA-512:75F83A5905F8254E4FB352D00B8173D2A5614C17D166C06AB87C0B67C1C7BDF99377C7BBB89A85E6AFC5F0E5F8A045E45D64B2B157A413E871C015EB65D46F3A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):52032
                                                                                                                                                                          Entropy (8bit):5.602368818487498
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:4cKIv7hdVexaDywGfJssDNyb8E9VF6IYinAM+oP928tt+fIYiF954AM+o/8E9VFt:EgNM1fEpYinAMxZRYieAMxkED
                                                                                                                                                                          MD5:0DC19E59ACEDB7D103D0C21B02804661
                                                                                                                                                                          SHA1:477FEAD06B9DDFB85185DA85A640E6BB467FC32A
                                                                                                                                                                          SHA-256:17ED8A04CC1BCAB734F23140BFC8145BD0D038C284D50F439DAD1E66F7647C22
                                                                                                                                                                          SHA-512:20F3E9B58E9D5AE3F08096ABD5D5A43DB93238FDCDF2E96126A4B4AEB06BE2C8ADDDDC6601136EA265770AFCC7F4BE41E20F1D28CA361FE0135FC98BFA71F392
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):51008
                                                                                                                                                                          Entropy (8bit):5.615534777551888
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:hz7iEHj0FgWGNyb8E9VF6IYinAM+oP9EimJIYiF9mRDxAM+o/8E9VF0NyzCU7rR:RiED0FgWOEpYinAMxHYiWDxAMxkElt
                                                                                                                                                                          MD5:6C6093A914A889BC15133A57DB09C395
                                                                                                                                                                          SHA1:A8F9D54288D636E586271D78E7CF69E9E0121E16
                                                                                                                                                                          SHA-256:EC7AF1E9B03241F85A99F9C807FE279E322CA5528DD08B33F65D0CEFB8F04EED
                                                                                                                                                                          SHA-512:3548503A8395ABD3D19D3FFEF24832242F6F6C742678C0657FBF795DD14584B9F35BE5B02D7BC6657D486E63609E0687C1E277857DBEFCE6AE7D97E6E135605F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):56128
                                                                                                                                                                          Entropy (8bit):5.638575498464374
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:hgLfUIRBSWNyb8E9VF6IYinAM+oP9BGv0Xs8fIYiF9ngp+AM+o/8E9VF0NyNwZ:cfU8k+EpYinAMxq8TgYiop+AMxkEo
                                                                                                                                                                          MD5:12B9BE5F0923BB2313C68BB46A069F4F
                                                                                                                                                                          SHA1:150A975918C1435027F295A06058C5BC110B4AB0
                                                                                                                                                                          SHA-256:DCBA408E4AFDC0831CB26D08EC05EA0616F14071E81ABAC8FE5676636C2EE151
                                                                                                                                                                          SHA-512:1CFC30E83851456DD3A5925925E34AC12F7148E20F487CDB82E0F01E06DD77B6411CF03B2094C11DF9566B1228A97024065A78F77100493902BBBEFDF6502D27
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):50496
                                                                                                                                                                          Entropy (8bit):5.652443774196828
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:hUELKTd4IY+N1vZsYoRHgA12plxB4xRkkTY1M5tkOANyb8E9VF6IYinAM+oP9cbA:HLKWmAf/jv4EpYinAMxhOHYiSAMxkEp
                                                                                                                                                                          MD5:10BAD5A24446C6E00AD2C18D09B000E0
                                                                                                                                                                          SHA1:FA030AA1F64894829C0CD8211488B38A18D12297
                                                                                                                                                                          SHA-256:91649E91509AA7200BB669AD2F5F6788EBAD7C5AA2CA6D7BB855E9FD96D010AE
                                                                                                                                                                          SHA-512:6AA1E426BF7AA470058810F0515A94C1F6D624B4FF3D99BBA09C850FD17DA4A2C2C50BDEF44AA28BBB3358486844520C46482FD7295B9EE50CCC8449940016F6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54080
                                                                                                                                                                          Entropy (8bit):5.426785047163885
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:X1ckHz05TmDq09ZEpYinAMx7b+YivPAMxkEkt:X1ckHz05+i7HxG7Hxwt
                                                                                                                                                                          MD5:74838014C6FDA1D53C8EDC8679F9D28D
                                                                                                                                                                          SHA1:491C640873E70CD0C703C57DB6F0FDC941CBE7F6
                                                                                                                                                                          SHA-256:6AAC9D75D6D02884C5CB5EF33A4BD1801D9BE70DD937C624F21E492F64CADF68
                                                                                                                                                                          SHA-512:ED792A4B625D889D8D17AD1DD23D0CC015F28B3DBCA5CD6C525E8C814996B1F806855AC4B9D59758306BE5F6F0C09979D1ACD64332E24F4C3358C5FD6857A22B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55104
                                                                                                                                                                          Entropy (8bit):5.43355377301059
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:GQQpZyAxOeK6eDNyb8E9VF6IYinAM+oP9l4ZCIYiF941WAM+o/8E9VF0NylkC:IdufEpYinAMxWYiSWAMxkE0C
                                                                                                                                                                          MD5:8FA152CA88C3108EFE077F57482BB42A
                                                                                                                                                                          SHA1:B27058398730B18E39D9E16FBFBC5625AF403FF8
                                                                                                                                                                          SHA-256:01C42EB00F2E6566D3FFF4AFB0B2C2FAF34C14A1A61E29DB86B3CB76D4EFBFDC
                                                                                                                                                                          SHA-512:81620FD3D80A1C245BCBD643D1B579E3D413B3A0011AC65F39CE31929908FCD95C1D4C0D5BA89A1F907E02E351CE5EE2CE79B61E7176CA9706908BCE7A4BF59F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):57664
                                                                                                                                                                          Entropy (8bit):5.590444403006137
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:G3zU3B7FZygp8/JLONyb8E9VF6IYinAM+oP9OFIj5iIYiF9ImPAM+o/8E9VF0Nyv:JRWJL2EpYinAMxpYifPAMxkEeC
                                                                                                                                                                          MD5:F693B959CF8C7341020D18ED345AD74B
                                                                                                                                                                          SHA1:FD57E1806796F23C639531E6DCC165FCEF4F37BA
                                                                                                                                                                          SHA-256:0B37B36D43D032BFB68F06173107AB58E8C17904C3D1247C32690E168FA922F2
                                                                                                                                                                          SHA-512:E474312498C874EF53A1FCC75A9D28A35341577BDBF672FB3D82D76A2BD9BFF6BE9477A61C64D1EB434FCB9FAC7B65912E033FDEF8877A681C614A035C01E347
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55616
                                                                                                                                                                          Entropy (8bit):5.588716592426551
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:GfvCdo/7JK7bABkCNyb8E9VF6IYinAM+oP9644k0VwIYiF9QqoAM+o/8E9VF0NyZ:uYo/7JK7b5CEpYinAMxmvYivoAMxkEBV
                                                                                                                                                                          MD5:0DC5183697F790CF937860F9F8CCF8BE
                                                                                                                                                                          SHA1:531C04F6AA3B363A14740CC33D1E4D98BF857BC7
                                                                                                                                                                          SHA-256:8176DA09CFF7F0BAE0AA08430CC4CA093A68627FB631A377DF0EC82959E7F634
                                                                                                                                                                          SHA-512:E58A71558240BEE892FB783E061BF481CC2F56F01BFA5F7A2C50C0EC69B2360AB9564E80C3D34ADE0296DB1D9509861484A3D6AB3936880AF9D23CE13FF1A373
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54080
                                                                                                                                                                          Entropy (8bit):5.4114238474999805
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:Pr10IePeyrQLtUv6oNpaMkYjZZ/fbMgTRlREDNyb8E9VF6IYinAM+oP9LeFFjUIX:qjTZf3TFGEpYinAMx+jlYiFAMxkEj
                                                                                                                                                                          MD5:742CD3150B436B909E5AD9AB6F22783C
                                                                                                                                                                          SHA1:474B8B3B75CFB25C90EB33E8E4BBCCB07068DC8D
                                                                                                                                                                          SHA-256:E537F7AB167D50E347B359AB848C46405C7FFD067408E896858C31AA99E6B228
                                                                                                                                                                          SHA-512:CDD492F93BBE49F17DC8DBAA19C1FE1FB1B3403054703D20402B07A42BB5D5F5D20F1D126103AF0DCE62EA36299835902E7FAFF96EA5D7EACD59974E6F88A2F2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55616
                                                                                                                                                                          Entropy (8bit):5.380500350214481
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:P/kLXd/T3kXNyb8E9VF6IYinAM+oP9e8Kk6U92ZHIYiF9524AM+o/8E9VF0NyZwS:ULtgbEpYinAMxPSUTYiFAMxkE0S
                                                                                                                                                                          MD5:A54633E30C2FFD23C3578C885E0E9F5F
                                                                                                                                                                          SHA1:662988663B27C21A0CC310D304346466EADD76A8
                                                                                                                                                                          SHA-256:3FB8523B91B2BFEE51CA2EA972ADA260F27BA389EA9E1DD7CB8411F21F126CA2
                                                                                                                                                                          SHA-512:AF9213815F634BC3A1DAFDF0D2BE537E4634D690C118090A81DB1138130504B4EFD27D9D0599F7295B06A5BCCE44B71E200574E583C820E820CA84D72D6E492B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.41113033461094
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:PZ75JZSiyCSiykeRAYiTvaK3Q3Nyb8E9VF6IYinAM+oP9P+6kIYiF9+60/AM+o/d:xeCYGiK3Q7EpYinAMxtYiWlAMxkEh
                                                                                                                                                                          MD5:A78998736B54EC264AD3FA9529693C8F
                                                                                                                                                                          SHA1:4B468CCCB8AC25C9E9C05161DD5C44E08504B41A
                                                                                                                                                                          SHA-256:EB3F06A4EA447CE64971673C50CCF83E2842303F1A27655F3A170495C94B71C6
                                                                                                                                                                          SHA-512:F747EC1B69B931D90EF4CF31A5F8E7BA95B6AEC7B36299A0E988B1D4790F42BE8AF698FE66032324C9634E5A44FD251D7BCBFEF9C5529E7D2368FFA38CEB5962
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55104
                                                                                                                                                                          Entropy (8bit):5.433825393956769
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:Uym9mn7KZHCCA7U8Gp6hNyb8E9VF6IYinAM+oP9LK5SIYiF9YjAM+o/8E9VF0Nyi:SUy3AIylEpYinAMx0YiCAMxkEU
                                                                                                                                                                          MD5:E73CF3871B41E0C59440C8D709CCFD75
                                                                                                                                                                          SHA1:8428813368197AEE8E3C2BF2104297476BC4608F
                                                                                                                                                                          SHA-256:AD124B0646894F3BFCB61D366D7BA5EDF4978766807B5422AD1778509231679F
                                                                                                                                                                          SHA-512:A31E82503BB3D8E1DB9EF4C1030ECD481396183CC64905FAF91E52F9C3E68469FDF3A850357AD70466D2810855D2B58E19B9302499D2547F85A610B1F8159FF5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.4115414787256
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:UYnLplZcOZX8mNyb8E9VF6IYinAM+oP9m675zIYiF9cHymAM+o/8E9VF0NycBM8s:3bguEpYinAMxJiYiEAMxkEI7s
                                                                                                                                                                          MD5:0227D71A996FAB2B394DFB17A43F1F8D
                                                                                                                                                                          SHA1:DA6002C093911114035CBD5D7D29FA51E3DF2C45
                                                                                                                                                                          SHA-256:290A463B8B11E5F5C5D3BCC2B5B8D910721BA645E2B4B3AF951223F76610BEDF
                                                                                                                                                                          SHA-512:FB95F13C4AC6A7B8AD13F271EE3D93ABBD5E0713F0C0DE402D7B73EC82B483A26C6B071ED5521914E34E74AEF168F9FA0762801FB37EAD9D05CD3D675AE2CCFE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55104
                                                                                                                                                                          Entropy (8bit):5.392362813870133
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:UaAtOstnEx6ewB/Nyb8E9VF6IYinAM+oP9/KlAIYiF9J3ReAM+o/8E9VF0Ny1SX7:w/Ex/UDEpYinAMxGYiNgAMxkEC7
                                                                                                                                                                          MD5:962BFFC6EC3DA987471851A4240AEB61
                                                                                                                                                                          SHA1:BA1B8AFF4FACD861553039A256A7623ABF30CD66
                                                                                                                                                                          SHA-256:3BD318A0867F1C971DAAE6A96C6EF2A09FBFB15EC5B3706DA34453410EA1F4FA
                                                                                                                                                                          SHA-512:D975EE07C82CD658E4A3B6CF67BBD8FD41D989D718E5EAD479E0250BC3C66A933FD0E8B1DA468E0C906986AEE58E3C0F148E4F8A23B19121844F5847E1AE14D8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55104
                                                                                                                                                                          Entropy (8bit):5.412695960496245
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:5nCRNNDM7qm0GdVqT541naEpEEpYinAMxmYiTAMxkE0:5VdVqlca67Hxm7Txo
                                                                                                                                                                          MD5:54B9FDA6AB88DC9EF0F0C8B19EA06CD0
                                                                                                                                                                          SHA1:C34D52741A8986FCF0991A4CECFE1B2A7C6E85AB
                                                                                                                                                                          SHA-256:1F00F564F1136096FBE58EFDB22E54923E090BA3392CDC51C837A7294A3FD5BE
                                                                                                                                                                          SHA-512:BEFDF3BAED01EA905751CCE248E854CDC43D5A9D77B2EBD27E68C297464A5A0AC1ADF739E8371F0C731A5A7ABB83E6FA227D11120F70D668113F69612D44B6E9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54080
                                                                                                                                                                          Entropy (8bit):5.578353591774595
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:tlWSFA47AvHlho4d2hNyb8E9VF6IYinAM+oP9Hn737IYiF9iFAM+o/8E9VF0NyfL:qvvHUlEpYinAMxF0YisAMxkE+No
                                                                                                                                                                          MD5:DD650BDAB776FD3239AAD311BC8CBBD3
                                                                                                                                                                          SHA1:583A340581B2A78DF490951FFE6A7BEEBB51BA11
                                                                                                                                                                          SHA-256:475B114201EC72F4EF26FC66B61AF438CE77F69E5E96D3CFC8FB00BA148AAC51
                                                                                                                                                                          SHA-512:862313704DFFAD1AF1FA72D8F9F1FE4757A9A1082BE41C78E5C307C56F36D986D1F5580922800050E08BB37ED2EB18A6FF629131199E41350A22EA230DD6DC9F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.437717171626643
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:t4lmP8uhJPiR6gLTmNyb8E9VF6IYinAM+oP9AWB5BGJgVIYiF90xFNAM+o/8E9V2:uMF8RjuEpYinAMxlgqiYicFNAMxkEAR
                                                                                                                                                                          MD5:DC24DAA70A6551CD038929F3EC055306
                                                                                                                                                                          SHA1:99843D43C0CC3D4C76A5C817CA4DB49820820C65
                                                                                                                                                                          SHA-256:847440B8D60A11DCE3E254916E5CD926D58C9F06F0D95436B62FF9B9AAAEF4B0
                                                                                                                                                                          SHA-512:451C21F435A451CC4C47623D028B1CF3939CB59B9F9A6D6D71B2F94F9B4CFD487A8756ACFF27768B454F23F2D501E9AFC67E586F9C005142CBC712E5CEDC2D9C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55104
                                                                                                                                                                          Entropy (8bit):5.399846673022657
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:tkcnTcshVyigOHHTpWBdH1i2IXousrNyb8E9VF6IYinAM+oP9z5XKiS9IYiF9JJd:v+hOHHy1YZsnEpYinAMxfXvYinAMxkEP
                                                                                                                                                                          MD5:FA0AFF0B7EFD37A6195AA454012095E8
                                                                                                                                                                          SHA1:EF4A3CA1608A8FD5DE56B2B94DBD46304480B375
                                                                                                                                                                          SHA-256:7580B1B666C4A6DE0EB5AD03DAFB2F9FB49AD148754A68611E9988ACBBA5023D
                                                                                                                                                                          SHA-512:FB5A73B6134F991FC2E5D9A82B747C821074BEF86A7651638FC0127BEEF78B817811BB00417168BB937F968D55D8356AC0D19C2B569A6B9B31A10531683466CF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.573738261423414
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:CT63FOxCx7UjYN3tGGNyb8E9VF6IYinAM+oP93kDWvSpIYiF94yIj/AM+o/8E9V1:D3TUj+dGOEpYinAMxoCYi8/AMxkEq34
                                                                                                                                                                          MD5:D5D54965E6FB81875F2FCEA8F21515BA
                                                                                                                                                                          SHA1:87F22E6FA6D34CAA26CAF427D5F339880496EFE1
                                                                                                                                                                          SHA-256:759CC7CC96EA181926AF2F6B274CDB9BF63E329FC32A7A1C10B4CFDEE786F2A6
                                                                                                                                                                          SHA-512:308068EB57F007A4674BF5D90C9410BACC715E4AE537ADEC4CAF7F6837544D5526C676BEB2B1488090E7D9F4E966F030709C2934DE3A64E0A9059CE49D1F6A14
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.415346681858155
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:CeC7xC7Ec3EINyb8E9VF6IYinAM+oP9Up1XIYiF9+kAAM+o/8E9VF0Nyu7:E7xCYc3EgEpYinAMxqOYioAMxkEG
                                                                                                                                                                          MD5:9C09AE8A870215FF9CF80F09D44F5610
                                                                                                                                                                          SHA1:2EE0328D7617A3D5A46C432DB2AE8BA2D335CB10
                                                                                                                                                                          SHA-256:49FDD7A5FA81697613F0495EA9E6025FFF84565184A1F3279CA42B166920F1E8
                                                                                                                                                                          SHA-512:7351B3955F0F881329DCD209841C84A05E0A2C2472FBF1B9F70505D4CE4A6A5FD612D45F3E11E917AB4D086E3B0C1CC7429238EC6DB6DBC879ECD9F3B8340B1F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):56128
                                                                                                                                                                          Entropy (8bit):5.425300372554538
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:CL9FgicgiY7upr4M5aNyb8E9VF6IYinAM+oP91k+DrpIYiF96sAM+o/8E9VF0NyU:QFQ07Gr4M56EpYinAMxwYiJAMxkEUh
                                                                                                                                                                          MD5:1048D12C5DAA3492E2CC9060BC6AD9C4
                                                                                                                                                                          SHA1:50051ED23E19D842EB6C9162F537E7C20185ADE3
                                                                                                                                                                          SHA-256:9123A236243EC5508DB14A4E4E5B2BF3DCA077A6F6A85D24730D0A60A7B10518
                                                                                                                                                                          SHA-512:F9F6FF586A13CB32281234478A9F7CE2C6222EB94029EBC448815A5083E0303FC7CCA26F03E38575D449E81869817425F9AB2FF321D6A7EA5EE2EB0F99FB6C7F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):56640
                                                                                                                                                                          Entropy (8bit):5.625808123733913
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:KmHY51ZLm+4HwpEpYinAMxRBYinyxAMxkEqw:K27Hxb7+xmw
                                                                                                                                                                          MD5:795ACCE152FDF555FC5F0CBDC21BAC4A
                                                                                                                                                                          SHA1:B3A5F664D53813E69E33B4AEC327D8121E6066D9
                                                                                                                                                                          SHA-256:F22F4C4B011B9989D73F0EF16D85F9AA5471CC03394C99FC6D74C401ECA88700
                                                                                                                                                                          SHA-512:92638A7BD5962C44F3B21864FFBA114EF82B66334735D247B53ECC3A980C1208F597260547A2B9DA938C6D9D9BEF37AE94D5F6AF0683E0D551E6285D7FAE5769
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):56128
                                                                                                                                                                          Entropy (8bit):5.591538654163846
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:aVo3N5ya+LDQEpYinAMx7i+HCYi0GzCAMxkEX:aVo3Ip7HxI70LxD
                                                                                                                                                                          MD5:CB8793AEC04A19877FA3702EDA7C9416
                                                                                                                                                                          SHA1:7771A48AFE1B50C03BAE7D98090929753177C9DE
                                                                                                                                                                          SHA-256:FA58B434E5253B28091CE425EC9296E499241CFC24992E1592154FD1EC449819
                                                                                                                                                                          SHA-512:577EE217E15379E1523FA72FD995E450FE7DAD262E299B594CDC6A8455DCD5002454B84695BCB3B3370DFB03C0B540B931FFF2C43AC50311FB5E95CD9A76219F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):53568
                                                                                                                                                                          Entropy (8bit):5.6119616279583715
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:TjlrGszNMfetNgEpYinAMxwKYi6AMxkEyI:TjlrGs+fetn7Hx774xWI
                                                                                                                                                                          MD5:36FF03BB1A029CF62E2FBC0112AB1E1C
                                                                                                                                                                          SHA1:C6BF4C0E47941019999722F1E57346498AF0A79A
                                                                                                                                                                          SHA-256:0F6B55613060D527AE41D5BCF5F34F50BD668BA57F9D4D2521EE7DAB2D053C02
                                                                                                                                                                          SHA-512:08AF745E330ABD384BF06468A2C1A7F6221B0A6C1A9452031FCB4076959C51EB912269EFF77E71F55BFB41C2BE1967A9373B224522ADF856E07B48593E68A92E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.448739449189127
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:Jip9ABk6qXQEdmvgh3FGk+G9Ahrx++BzQSX/EpYinAMxlDCYiZ+mAMxkEPo:JiZhdmvMFGkSxLQK47Hxg7Zxx0
                                                                                                                                                                          MD5:96C569C1FF875B897A2EBDDD3BCEE40B
                                                                                                                                                                          SHA1:44F8019C435ECBC1B00E8F1223ECE6C42F1E9976
                                                                                                                                                                          SHA-256:9682AF6D55EB930C650D69D7ECD4A6101681425F4821333C4513916AE57CC14D
                                                                                                                                                                          SHA-512:4E6521B28184AB8D09D45FD30E96F3703ADE7F495211380DB0BA79F0372CD834861165B9D66D8CDD0A036850C9866203A6EE60642B80DB4F89D7037BA56C8BC2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.574026643245629
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:QxZMuKgHWyC2EeovVHE/GfuQNyb8E9VF6IYinAM+oP9+Z9BIYiF90+1AM+o/8E92:UMu2uoEpYinAMxkWYixAMxkEw
                                                                                                                                                                          MD5:BB5F78643FDFBB3600ABB2D4529D857B
                                                                                                                                                                          SHA1:95F987F0237584B8428470EF8A34774CB18E83DE
                                                                                                                                                                          SHA-256:2D701243EFCC415F101A68D9A80BD1F93718DF906C5A9DF94B7C7210A72EEFA4
                                                                                                                                                                          SHA-512:98A80DC74B3A7FAA06401299E2260D6E5801F30C0066F6F4F3BE0B66D432E36FB72044038B839019B0EC37FB8B7317046DD69E74F2E97A7C3CA1DB277891345F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54080
                                                                                                                                                                          Entropy (8bit):5.583323336112305
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:avoo+OmAcoWACeesYQEpYinAMxYn/YiGAMxkEj:am7HxG70x3
                                                                                                                                                                          MD5:0E98103A45EBECEDAE05F0EB6BB4AE6B
                                                                                                                                                                          SHA1:4FD5E0061553B702FC058A1052B6A0CE58F470D7
                                                                                                                                                                          SHA-256:B5931F32C31EFFB7FC90F95CD27481DB36B6BDB31FBB982CA787794D7E51F892
                                                                                                                                                                          SHA-512:DC37D909B89017BB2395D8C809D65427AE8C485075FD4D725D3A9BB636A43E0540DA712026CED6BD59BD634743C3A10471D2D7FBBAAF962BAFFFB52DE7F845D6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54080
                                                                                                                                                                          Entropy (8bit):5.499322127248548
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:ZF7ysKFjncHNyb8E9VF6IYinAM+oP983nX18hIYiF9nX/qAM+o/8E9VF0NynU:LysKVcrEpYinAMxmnzYiKAMxkEG
                                                                                                                                                                          MD5:7A22F812F92B7F00EF38A14A70BE3F82
                                                                                                                                                                          SHA1:F1D265A2C835DCDD6225889E895EEDB7094943A2
                                                                                                                                                                          SHA-256:B3886AF3ABCF6880516189F822DB806524564AAB38F7F9C8AF9052F632BFEA0B
                                                                                                                                                                          SHA-512:4B82DDE7A1FBC563D7000A034AD943B7AC562CDC8757A70E1899FB418BB7EB3632A6E2BB8227F296DA503EAF16FA3398529CA7781AF606DFC31060E71CF999C5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):48448
                                                                                                                                                                          Entropy (8bit):5.620247349904402
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:ZAURXZshAWB8Nyb8E9VF6IYinAM+oP9QNA9BPxo0IYiF9YU2AM+o/8E9VF0NyZg:HEAWBcEpYinAMxQYi6AMxkEk
                                                                                                                                                                          MD5:66B5ABEC8E4B2CABF62B68BD265A48B9
                                                                                                                                                                          SHA1:5CA58A3B929FC41E617F4CD205317B86E5346642
                                                                                                                                                                          SHA-256:BBEADD3AF22684259C95C463660AF9C35BA150A00A823B419DF4C633BD1B53CD
                                                                                                                                                                          SHA-512:F6958C4D687040E17B9A85DC59F26FF2E4B9321D05165946C744F97AB6D29ACFDC8DC531C3B68A25BEFF13BB566D73DC6FD95DA0A292B24F013C0270A27B0137
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):48448
                                                                                                                                                                          Entropy (8bit):5.631167984677434
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:ZuHOldGBiuNyb8E9VF6IYinAM+oP9Hs4S4U7IYiF9cO/TqlAM+o/8E9VF0Nyq2:fg5EpYinAMxeEYiV/TqlAMxkE3
                                                                                                                                                                          MD5:7B02084502F62AB08E9F4DDEE91A3068
                                                                                                                                                                          SHA1:4588AC3DE96A3DE4E11E0DF0079C58D45208BD8C
                                                                                                                                                                          SHA-256:8F04BB3D46A4BC4EB58A250296F6B8C97CA37FAC73319D7C7BD8D89CE9AC098B
                                                                                                                                                                          SHA-512:131FC0928334771CFFEA4CB4AEDF7E993CFEA819E492033601F5025C31C900413E9E534B5982040147B2D4F3EDBB764D588E78EA217DB0CA8C34FA3550EEDD55
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):282432
                                                                                                                                                                          Entropy (8bit):6.580618907494474
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:eRGm4nC4FXoZGxrxAO0e8x5q9Sj/aazvo:eGm4nXFXoZ4qeK5hZo
                                                                                                                                                                          MD5:B5BDDAF2C405EE17FAF06640D0F27397
                                                                                                                                                                          SHA1:4FEAD2DC9C066B21C99ACF1646D63A457E5587D0
                                                                                                                                                                          SHA-256:94B5ADE4D93F125632A7C8DBF79F99DEA877C28C2F40A9CA47C3C660A822CE4F
                                                                                                                                                                          SHA-512:D620835B8A46E2F0363B2FD1D0A38D58E4BAAA32F1B2DA0F8B9AB8286E031A8B4CA9077C53F88881ED827488C104D1EE099074A2FB7E4A786E8D12901EB4D2BA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):359232
                                                                                                                                                                          Entropy (8bit):6.269305509202009
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:YgW2y+X80/lGibh/Y7+Vkm5RVsMwbQYohXbBW+15qqpj/aak:/LX8klGibhA7+VlRGbQYobt5/q
                                                                                                                                                                          MD5:7931008AC869E46D780872FDE1ED4328
                                                                                                                                                                          SHA1:37B92B318D5252DDC9CAD22BCC37378124BB92CA
                                                                                                                                                                          SHA-256:971C492072C6E6E6DDB0B8584059E9AF58F3B089DECB151FD860599E818AD1FD
                                                                                                                                                                          SHA-512:E1A69A6DBF917D336F93783CB60D4D8FE5D7A2A15B2C993AA27A63DD87CFCE235BB4C9D7EC46359BA65C9D610D6CB369EA3BE5058192410C93C36B73B585A579
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):327488
                                                                                                                                                                          Entropy (8bit):6.0919814113297415
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:MeyV9fNJmbkqhyVVVz6a+/hRy3LZkMyeRobT28r5RIf7Kj/aaLA:fyDB/IMlG2k5au6
                                                                                                                                                                          MD5:8A08A9BBC3817967911FAEBB23D3892B
                                                                                                                                                                          SHA1:41D7426E52AF9E489767A87BCB3B1D0D10992BE3
                                                                                                                                                                          SHA-256:DF412FE80FB7C2DDA4FC6067641D8A86C53A98C8E8AF2712D657AE8610AE7646
                                                                                                                                                                          SHA-512:F5C77E3DA56FD9C9171EA04B2F28D20EB1B62EA82AD0CCE371896AF592E7B6023FC478343A4481F1D73678425257AFCE8A8A591F724E90CCB57EB72CEAF0B8DE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):282432
                                                                                                                                                                          Entropy (8bit):6.580127272835487
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:2RGmVviIKXox+xDvAOlXMx5qNSj/aazvVP:mGmVv3KXoxefX65hZl
                                                                                                                                                                          MD5:51529BD404AD6A93BACC2FAA88376CA9
                                                                                                                                                                          SHA1:1891AFC0ADAD2250EB4F36988651039BC975BC52
                                                                                                                                                                          SHA-256:ABAD43AD3E27D1E6C8611AE285AD1A7C96127DF36B98DC2FE5674B511B62421B
                                                                                                                                                                          SHA-512:D8F63D61B6BD040FE03A14AE5DBACE73B929E9781EC64A359BF2A832F564DF6D096F0231AB0F408B60C9A6FEA1BD00B15DC0B58152F718C36F3FFA48CF661652
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):359232
                                                                                                                                                                          Entropy (8bit):6.269345224951521
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:xgW2yufk0/lGibh/Y7+Vkm5RVsMwbQMohQbwfE15qArj/aa/:ObfkklGibhA7+VlRGbQMoJ25z/N
                                                                                                                                                                          MD5:0259892D2CB710C05CFFCA79F9686FA0
                                                                                                                                                                          SHA1:185CB66A76CD7B26AD2EAFFF6B1222A7B6C0F309
                                                                                                                                                                          SHA-256:843DFFA160083155BCC046EBD3C99FA035044156C203A7AE191C629CD83A0EF7
                                                                                                                                                                          SHA-512:F9A0A25C5D95584055E097593F42FCA04BB4A80BA48A5AC0D592C88273D90896AEB4C975DE72CCB93886209AFFF3F18D771CA7D948AF5BB03B277250D5ED1A97
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):327488
                                                                                                                                                                          Entropy (8bit):6.091915599984797
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:0eyV9fNJmbkqhyVVVz6a+/hRy3LZkMyeHo+TAYr5RIf7Kj/aamO:3yDB/IMlpAw5au/
                                                                                                                                                                          MD5:8C35995DEDA169AF62A83A5F302C9EB1
                                                                                                                                                                          SHA1:A45BE3269442DFC9A4D89EFF0003E2292349C2CE
                                                                                                                                                                          SHA-256:0C5845A003CE6480B24712459725581839E36B00514DA26D4214853107E090D0
                                                                                                                                                                          SHA-512:2D660FB5CEE6C99E3A6AC54872D0F404E9F7A21B141FBCC067BE40EECDEAE29AC2D1E5141211CFB704EE70BDE40C4D5336E3538F0883143245B90BBBB82F63D8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File Type:POSIX tar archive (GNU)
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8161280
                                                                                                                                                                          Entropy (8bit):6.460371542708208
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:98304:haO8k3+oXktjNk4rljVNlKgI8YUQyn1XoJ0MXoY0jdazPbc3CkS:bSttjTjlMQ4Jg6YCk
                                                                                                                                                                          MD5:C69E8BD5630DF92574407BB3E2C583B1
                                                                                                                                                                          SHA1:E69D3D9BF35F7D68D36C62A6318DE932835A260C
                                                                                                                                                                          SHA-256:84833AD5A43C284CF9136BCD0387F87F5F57A50E3FD36D36B8D67CE4CE5207B7
                                                                                                                                                                          SHA-512:232EE15039E0C3C407A60F77E058C5BAA2D052919EAB8CBE8E48691AE783F5FEA1671687ED2A0E988F5596750298F49DE4B7DB49D89FC1C07B4F42B67509E3E8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):302912
                                                                                                                                                                          Entropy (8bit):6.698956223631608
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:vwZfu+xXz86yji7+7tzuk3vbOtQtAO4D5eUdRx+Euqu7:GfuKXznyjiC75uk3CQtWD5Xx+ERu7
                                                                                                                                                                          MD5:565DAF0070618C3BBB1D486B0D5A70FA
                                                                                                                                                                          SHA1:3DF3AE144DB804EAF83BC0B89ED847380D476078
                                                                                                                                                                          SHA-256:03E2EA9C1BE863F1BD007AE03C06BF3187751A00ED0CF7C4DEB3750951E5B960
                                                                                                                                                                          SHA-512:DED5E2D3D3CA1198A576A0947127F584156919CAE2D67A688B90EBAF11C2AD8E2C50A494052245DB8A2423F90F037886A70AE2AE42EAF3122E1B1E53699FA176
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):397632
                                                                                                                                                                          Entropy (8bit):6.440229620666291
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:/+n1e0P+GDRxRwwbClZ+jam+oAI5BciIx+U:/+n1e02axRJam+S5upxn
                                                                                                                                                                          MD5:22DB9D0D4FEC050C0420274D3073994B
                                                                                                                                                                          SHA1:46FAC4589B3FCEDA6076A36CC3D3E422C05FCCDE
                                                                                                                                                                          SHA-256:00FF35AA88B2E1C9C271365A93B019CDD3A4ACA593642712B694628D45A12C8C
                                                                                                                                                                          SHA-512:C22C6656073B7EC51390D900ED40C6AACB0BB19134BD210E17E1D7A2C27069A33CAABC7AF76D50DEE6BF73EBA982F31DB8AE0509CA5690D2E4A07E675C471D1C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) Aarch64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):372032
                                                                                                                                                                          Entropy (8bit):6.290860581824482
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:KfMOKV6tGrZeRIigzy/zIdNyPKxtJiD6eJj3tXPPx0t1Nosmj1c5e7QTQx+4:atAZNzif5fsm25t8x+4
                                                                                                                                                                          MD5:C8208EF35D885AF836E6740CB411BDB7
                                                                                                                                                                          SHA1:82CD43B3E74C519AB6AB9E2495C0E217F61D246A
                                                                                                                                                                          SHA-256:780FEDCD87E2AFC1A64EA295EA1A940EA69F74B43C625B6C85C0EECFD4142472
                                                                                                                                                                          SHA-512:010DD5C202E313D53DCCF86964A86D5981723A28BFD64B78752FD135DEB90763A93E04A9373136DDDB19EB6109AA540EF4E30F826DF7C02EC735A65676673A88
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):175424
                                                                                                                                                                          Entropy (8bit):6.036513000632513
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:cQPidj5By4/EeaZL8Z0BFri9WSfWJVVqH9B+bCe5kNtupnu0D6EDpf34fdjdEcRh:heaCSgfuqdB+i48
                                                                                                                                                                          MD5:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                          SHA1:184A42476F12A89731F608C7198E47BFC35A8364
                                                                                                                                                                          SHA-256:633B554A26AD05C06DFE33A50F6D69E9160207F3168E15FFD3CB5652B1E8E9D4
                                                                                                                                                                          SHA-512:DDB593D8A6BC515DCA7A4EADB2F50C28C8E61E9A829186BE9B9E8B19371E969FE055104DEFFD8CD5CD9B48F2468EC8B3D7BF6AEE45079E445D3FE42696E2D5A2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):116032
                                                                                                                                                                          Entropy (8bit):6.62560704966013
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:oHsWPr3K6NL3FBqrx0LHu9eU53kB+XmkM/UTmG:usWG6l/q33kB+5M/BG
                                                                                                                                                                          MD5:612BFE378FBE209AC8584AE27640A97A
                                                                                                                                                                          SHA1:235AEA9A968A37CFCC8FD2C25C167EE3F8091607
                                                                                                                                                                          SHA-256:CA510F6779F14699708EA640175D8CEF89388D07BE2435D22775FC078C483E0D
                                                                                                                                                                          SHA-512:787A576E993E8D58F96EB2B0428B02AC318EABD249DCAFF26E87E6F01282CB407879D8BF280BC398D90D2EF822FDF4D11371BC732F12D8085C50DAF7F8D97407
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):195392
                                                                                                                                                                          Entropy (8bit):6.420855633369088
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:INA1+FyhLMnQtMIHh1a/r8/kGgTWZi1vnoY46u8sOMRzy+jGre:OAowhLMnQtMIB1a/ospTbohL5y+yK
                                                                                                                                                                          MD5:F2CA542F38E6B51EDB9790369117F54A
                                                                                                                                                                          SHA1:BC2E23A3FE66D39153CE5334F25FB218D9CE4FC0
                                                                                                                                                                          SHA-256:ABDD09D0B7A2718FDA3FED25F0C404F228BABD83AA59148AA40BD0E4E9A937D1
                                                                                                                                                                          SHA-512:07992FDB6B98940D403BE1AE6A7D49706EE198DF3A18771C330CB4703C4C9E83D519B23FE5CB4B1A117E7B70BBED7EB159F962AC1D7F942C8358F8DEA7F770BB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) Aarch64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):154432
                                                                                                                                                                          Entropy (8bit):6.173383322052518
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:VkKhe7NGODfqGfusU730roSnXvnaaDSNcp/:hhmNFDfXfusAxSDSNK
                                                                                                                                                                          MD5:F0DBBAC441C6232C55D5275C77A77DD4
                                                                                                                                                                          SHA1:6AA9207B5E119091948CF286A98138E1D9B0ACE8
                                                                                                                                                                          SHA-256:1B9A4836FD73243ED7B472D71344CFE103760413334D0E5B947C87832332CC2A
                                                                                                                                                                          SHA-512:9FA2CEDEC9AD950624B9782F6E47B322966605A6E412034471C0C8AE52CFBA894078F53671BB6F9B72C2D9584EA879A028EE37341A694443F1A517658B4DA4E7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):224576
                                                                                                                                                                          Entropy (8bit):6.731913745591885
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:XvFYwxiy+jCOCx2FssbcF8RLcul9+2+xwEJAg0FuRxqD2YqMR5+oZmYex+n1+P1/:XNYwBOPfbcF8qVtAOOTR5z5ex+sN
                                                                                                                                                                          MD5:6E63E263EB7CB0A31F4800D274BD3936
                                                                                                                                                                          SHA1:89F0AF0FB5DE7288DB94A6B4DEFB9BB474216989
                                                                                                                                                                          SHA-256:9D8EBA8007E48AE1FFCC28129AB894814F844AB5C5D1543A3C8CF863C0F88A47
                                                                                                                                                                          SHA-512:55C74E7F32E6CE21670BBA7003EBB00AC7A121A3A11B535F98D1AC3D35D1893449CA078FD093FFFCFD7547F99DB167ACAFB427F0057ABAA9115382BB0315998E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:modified
                                                                                                                                                                          Size (bytes):116032
                                                                                                                                                                          Entropy (8bit):6.626583684028364
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:yPMWPuHKCqLXFBqrG033M+tZnkB+XmaLNrfei:MMWtCYfqVnkB+PLNh
                                                                                                                                                                          MD5:088EBFFD13539DBEF1204243C3558999
                                                                                                                                                                          SHA1:4E2302B2008CD8CCA7DAECBB13D42931971890E2
                                                                                                                                                                          SHA-256:79BAB0D36F4682194C20694F67F1B716438E7EAFBDBB83D9681259A41276D857
                                                                                                                                                                          SHA-512:55A671BF0BAA2407D14872AA3ECAA485D2FC267AA57374A1E0871B5060372F8989FFF8444B65BF256A45D9B92568F9B69F759F8B1E5DACE94EE91FB0A7774F03
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1446992
                                                                                                                                                                          Entropy (8bit):7.913845028849878
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24576:w2hOU0p4qlWfBTfmRfanIT6lUScOWFohEp6Vvn6qtndPVmatCkbpmp:zhOJpP4JTm5T6lkFohDB6sndPVa6g
                                                                                                                                                                          MD5:E3E7498C2436A1570109FBE755AF1D40
                                                                                                                                                                          SHA1:D7FB79F465D2C87EF22088327B5BFB73899FDF7E
                                                                                                                                                                          SHA-256:498E27ED4E5BB584672992F459C0E51CD1E7345889DFF1521CCF577B13ED6313
                                                                                                                                                                          SHA-512:4DD6025D4EBD1D4EDEEC077EE39E8704D2ED04FFD5F7AD83934A2ADA8D0E3AEFB15841B36AD0454E0C2CD6BE12E13B2015DE322D27059CB2FEA8BB7F4A247096
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):26
                                                                                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1116480
                                                                                                                                                                          Entropy (8bit):6.768405587681001
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24576:JYCOm/qiJZz4j02iDtjNDhSRXaD5O5sHG4reqc8fvT2bz9cjclU:NO8Z0jniDtjNE6Y4rNvTkz9cjclU
                                                                                                                                                                          MD5:36C7B693D057C28F237E57964DC3D785
                                                                                                                                                                          SHA1:468394D765AC4EA8A92C4B673D4A10C6DAA1CDBE
                                                                                                                                                                          SHA-256:A718ECF01E9E995A189A6A0F9F6367ECAFECEB7BDA16705E8B7037AB844E51C5
                                                                                                                                                                          SHA-512:6F3220C27BF9D44BCBA0AB1457543D29E1DD8381541624B81045D868813D5EE647035B42761A9F53D25DBFB5D00F598254E1BAF51816052929E637ED793C8E45
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):53568
                                                                                                                                                                          Entropy (8bit):5.575420072105715
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:AR+H4k4+J2HNyb8E9VF6IYinAM+oP90at2rIYiF9qmPd9AM+o/8E9VF0NyKz7P:jHZJOEpYinAMxBYiLPzAMxkEkn
                                                                                                                                                                          MD5:550A1B340AB88809669FD17EC434561A
                                                                                                                                                                          SHA1:0F6C12C069746DB4AC01DA97185E090FF509C546
                                                                                                                                                                          SHA-256:3C113F4FF22B63D42E4B3351EA2952DBB1842655DD52F0F84951961CA7C303E7
                                                                                                                                                                          SHA-512:5AD6E4B96196B15FFCFBD189AEF474DDDDBE5E6AC3FBC49BE7EA9C99A39D8F8C38FDBF7C6D0FE20B1FF0048A2E8E0BB94631FE718C507301837B9347B3A3257E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):52544
                                                                                                                                                                          Entropy (8bit):5.5725435735274305
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:J0ovtkCLu+JG8Nyb8E9VF6IYinAM+oP9VtdzACyIYiF99OAM+o/8E9VF0Nydh:PvtkCLdrEpYinAMxAEYi0AMxkE9
                                                                                                                                                                          MD5:BBC6198B60210C1578CBAA60B96FDC70
                                                                                                                                                                          SHA1:3A19EFD437D2C35CB15F2AB2D813466E8B1066B7
                                                                                                                                                                          SHA-256:9196D431048A4481911054ACAD58D849D9AC38715A2F164FB09CC52F5E41D105
                                                                                                                                                                          SHA-512:D89A7F66BF6273A0A232D543FDB98CF583B0DCDE2FFF058AA018A2368D0F0918CDCB317D0729749F490D5F6A5D9D36B04F73CB8E2CC3E3D69A123808B787B0A9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55616
                                                                                                                                                                          Entropy (8bit):5.5655586584292065
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:Jq/odckbeGZBOcl8Nyb8E9VF6IYinAM+oP9ax7AIFEIYiF93jjMAM+o/8E9VF0Nm:yoV7DlcEpYinAMxyL1YirjMAMxkE0u
                                                                                                                                                                          MD5:DA09EAA0D93375AFE0709C1809C14939
                                                                                                                                                                          SHA1:9FD4700E02BFBB7E4C890CDD59F0620FB0F9FE17
                                                                                                                                                                          SHA-256:0BD086FFED7296FF1FD8228AED8F80B8D9A8E2402AB974A9258A86887347E502
                                                                                                                                                                          SHA-512:392C0DEE8ED74DC12978E29F5777BF5D3E93BB0F839C156951F34EAA9A72AC9F4E132A99344D9EACCD5D98AB12CC7EA5F95DC1D503B6C6CB1F4086380AAC3A96
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55616
                                                                                                                                                                          Entropy (8bit):5.623684706857659
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:JcKhvUx7tYF7qKF0FrHF6zjbmBwgNyb8E9VF6IYinAM+oP9ndzZIYiF9wQAM+o/i:xhrlF0FrF3BwYEpYinAMxaYi1AMxkEI7
                                                                                                                                                                          MD5:28C55146F4311953E1CF7E468C8DC74B
                                                                                                                                                                          SHA1:76442CD814BE3FB21A0E2E8608E564C785548F13
                                                                                                                                                                          SHA-256:32216C7119BE97564830F8CBF4888632E7D1AC5F99AB65DA6C2E6A28D511800E
                                                                                                                                                                          SHA-512:5E13C7820218C29F26C64C12C318E40C11759B37300793F22E08F3D828361CCB1244123610B4AFE3E9E9E454263A862D136A96E4271B51378C50E8D2F8A83D47
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55616
                                                                                                                                                                          Entropy (8bit):5.39160458880719
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:Sv2ArBupGEEpYinAMxVYiDWdSAMxkESKM:Sf397HxV7DWGxuKM
                                                                                                                                                                          MD5:44ADDEF5DF612EF84086876FFA323A76
                                                                                                                                                                          SHA1:CC7639439B15CAF8FC8F9240BEF8B757BB3054A2
                                                                                                                                                                          SHA-256:108525B759F60C5076BACA70474640E1E262BF77FF3F1A1E7822198416084D55
                                                                                                                                                                          SHA-512:7211E8549A4D6A3BD6C425DA1065F8AE0DAEE1C7325D63A8E8535FAD7464A2043CCB5F379310AB4A22C4498728F3317B79F260C097CCC652817FB521D317106F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.442186434885563
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:OUBDBWpaJkhYwA+fwNyb8E9VF6IYinAM+oP9gpY83AIYiF97XAM+o/8E9VF0NyFx:huIEpYinAMxZsYiDAMxkEpb/
                                                                                                                                                                          MD5:68BF6960F7C5BF7AE817EFFC7632C017
                                                                                                                                                                          SHA1:F828B622D95F69222B68BBA9FA9F400672C84569
                                                                                                                                                                          SHA-256:5314C94178A6861A88792F34D924A56B5CC7214CC4351AFCBED536D5C3F13417
                                                                                                                                                                          SHA-512:71C84ED4417ED943EF752CDAC0D9E57FCAFAD80B3B16A2EE515734BF3A12F335FB9E4B0BE86DB1B607CF4E951D4306626C15C166C11579BBD0B866756D0DE53A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.409036773195985
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:O7aUfNnwtpTqPqNyb8E9VF6IYinAM+oP9G5rJXEuIYiF9YabOAM+o/8E9VF0NymB:X8nw/+qEpYinAMxgUjYinaAMxkEm
                                                                                                                                                                          MD5:6ECB0249DA48684622FE633F98F8F530
                                                                                                                                                                          SHA1:1B9990DCCCD813FAC7C5517A03E5C147816E486F
                                                                                                                                                                          SHA-256:0A52E3DC70183D8041683817CC0514004898E87D9C080FB93374E900660BBC0E
                                                                                                                                                                          SHA-512:E48932205ED3362B4C915C572FCAAD012205837F54520F66C33B12F9AB4179E03AEB559C18465E3C419242CF039DA5C0271FD2CBC0031F1E7C7594C71CCB75BB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):56640
                                                                                                                                                                          Entropy (8bit):5.377480288938011
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:XKjmxUM8QtPM0Me6INK/AGNyb8E9VF6IYinAM+oP96jjjIYiF99hJIAM+o/8E9VF:UmXjMePsAOEpYinAMxaMYivuAMxkEhJt
                                                                                                                                                                          MD5:BAEA28AE8DD3E3C70DEBCDF1AE5448B4
                                                                                                                                                                          SHA1:F8F40C17ACE4FBF272618063BC35F2502B00ADC6
                                                                                                                                                                          SHA-256:4C2DA183A792B13077B398085CFF930CBF493B8CBEC50609F2BC6747F0B8092A
                                                                                                                                                                          SHA-512:04DE4F7FA8C4A625724337539EFF093E2371ED417A6363833E7F65CBD14C9A0F64BB17EF1BA4BF51A16D6611E8240E4D2B248E4622BAB462DC331459DF64C851
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):56128
                                                                                                                                                                          Entropy (8bit):5.627688222986176
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:8Zr5lLO+R52/g4EpYinAMxSKYidzAMxkEd:2rl7207Hxt7dzxJ
                                                                                                                                                                          MD5:5FBDD326F7F291BE11E1D79A7B2C8A51
                                                                                                                                                                          SHA1:5701E5D3496F6D2F0C694D317F568A63990C311F
                                                                                                                                                                          SHA-256:1CB97FF90568D81F8CC9E6A2EAFB07EAA276834169365980279403D99756103B
                                                                                                                                                                          SHA-512:01BC099E7C875D6A0473F6FF577F14F3DA3123951596B5651BC757B6A2C10F293078452BB42A87084C3B862D4A0CD56129670234D2E9518E76379C534B534AAB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):53568
                                                                                                                                                                          Entropy (8bit):5.419932966591344
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:Xy1/Nagyh6QuZNyb8E9VF6IYinAM+oP9p91J3ZIYiF9fAKAM+o/8E9VF0NyUNk:uNagyhi9EpYinAMxVGYiQKAMxkEYk
                                                                                                                                                                          MD5:4396E672BC6FB86EDB0C6889D12CE082
                                                                                                                                                                          SHA1:C92279D00DBC2DC0EA13E3A8896EDA76A359723D
                                                                                                                                                                          SHA-256:F35E94567279C322EC1D4BB99EAA1327FCAA1F06F4BD9D1CEF8C897FD8BDA8C3
                                                                                                                                                                          SHA-512:45F40EACE1C0398EBCA42EFF48DE6208BC87147837459AEE6D882CD017A9069CAD2EBEFE8B1EF0D27F36981DDD963416F0B7B5A26AF98A84B6CB64666638D0D3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54080
                                                                                                                                                                          Entropy (8bit):5.398655575356968
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:8VgzagyWk9RUNyb8E9VF6IYinAM+oP9BCDvCIYiF9L3qc2AM+o/8E9VF0NyQr:NzagyW4UEpYinAMxmYiOBAMxkE2
                                                                                                                                                                          MD5:364F97EE7B79DEB51DCC8F5EC4A0EE7C
                                                                                                                                                                          SHA1:EC4CACCAA57714FA8B9869315B6B13C530587E2D
                                                                                                                                                                          SHA-256:DE1E4766E0A2C188604AB2927025E1F5B05CEBF7E7B20E8342B4206686A7EB96
                                                                                                                                                                          SHA-512:43894949B412A8ECA8032F68DAC6C9208D9297B8C0353B9BBACEFE13343BB94343569F4CBEE1AC2B90971C8E2CC81408C55FC57DFEB94A6297D28CBB43E4D1E6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55104
                                                                                                                                                                          Entropy (8bit):5.391103646647603
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:8Uil+fs4INyb8E9VF6IYinAM+oP94Y6uFkJIYiF9EW4EVdAM+o/8E9VF0NybJ9:Il+fs4gEpYinAMxnZYiWELAMxkED9
                                                                                                                                                                          MD5:C2E2C6690755507979F570CA3E92E903
                                                                                                                                                                          SHA1:F82052FC3D2C97C18CCAE91CB64C91F02DC09AC5
                                                                                                                                                                          SHA-256:FD60F26D62F58D1AA41D11A8AD3086E2A0D92EF22AC766F606AEB2BCC3B217EB
                                                                                                                                                                          SHA-512:319A6418576BE4274269F533A5CEF62F9020B606494F3C7A5B299957931B919A86507F7888EAB5C6BB952BC65DAF76AE89439E72778BF97F77B30B520E904148
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):56640
                                                                                                                                                                          Entropy (8bit):5.365606356097874
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:86qBkNzf1FNyb8E9VF6IYinAM+oP9FVIrIlppcIYiF9kSx6AM+o/8E9VF0Nyueu:KBkNj1BEpYinAMxI2Yi1oAMxkEq
                                                                                                                                                                          MD5:91C76FBA7736D06307708EE572CB9ED4
                                                                                                                                                                          SHA1:64764FCB44F18104E7554D8091BD0C7EDAA9D1A9
                                                                                                                                                                          SHA-256:D62078627149F4B5B90EE68B56C640CE120519F2F0438FC136AF225510CBD343
                                                                                                                                                                          SHA-512:F789D42681BDCEE52CFD342F019A16396DAE0E3F8C929A1A004E1F9F960EC94BE72B40E8D22A0DFEDA1F743564568F457EA64A6C6E5074F323C4655964402097
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54080
                                                                                                                                                                          Entropy (8bit):5.407227689072818
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:VYBW7bDFbDZETJ9TSQMNyb8E9VF6IYinAM+oP9I6UwqLYcIYiF9sx5q7AM+o/8Eg:Sm96nHMEpYinAMxTYiOYAMxkEg
                                                                                                                                                                          MD5:9599F4AEE019804B418245C5A86881C7
                                                                                                                                                                          SHA1:517D4DDD90361B89359BCCC174D9A6ECDA391426
                                                                                                                                                                          SHA-256:3023BFEDCD84AC065A38C4C6C983CCFAA0B3D5C02A610C6CA2EA00FD5545DABB
                                                                                                                                                                          SHA-512:613C6F11D11D84C1208B1CD7BDF030C3D2F5B90BC4D134C6E0584121B688AD14B01CE38C56501898962F5C859A8AF54248E86F510C20F3F7E0415163FFF95F14
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):53568
                                                                                                                                                                          Entropy (8bit):5.562768970202109
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:VCYQOZMK9Y5fNyb8E9VF6IYinAM+oP9eLcfiPdwFIYiF9EbrJAM+o/8E9VF0NyXe:c1VBjEpYinAMxMcqPVYicxAMxkEg
                                                                                                                                                                          MD5:A09A6C8DC7CEFC6CB126939947884678
                                                                                                                                                                          SHA1:16F90FF84A3CD8C98304459007C7D05A98D05CC0
                                                                                                                                                                          SHA-256:C5CFADFE624A0B92B45B121DC30D06D89150BDB03FD45B4FB7B4534BBC7EB40E
                                                                                                                                                                          SHA-512:AF6F3BE99AEA54D26E933C98695644596D814E4E8B880E5CE081093A474FB8DF973853DE5220E498ADC84FF752CFD1CA4165771F04048CA9ED7CB6C179050798
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.408662294317196
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:V1HzPEzPhXY7RzYd99hKh1GAsNyb8E9VF6IYinAM+oP9BSzehCaIYiF9ca8lAM+c:PzPEVmKgsEpYinAMxqzTYin8lAMxkEsI
                                                                                                                                                                          MD5:1DFC8B3110BA27F76C5C6495533AF538
                                                                                                                                                                          SHA1:DD60677F7AED0FBC06877333136562EDAF0BAECA
                                                                                                                                                                          SHA-256:60A159777971A84302E150866CAE1339ADC04939BF12B7B2367243361499BBF9
                                                                                                                                                                          SHA-512:37674C26A179B839239337219EAF8F78AEAC10425DE5E7CC5A91B140B816410EEC5C4DE84E7BE825BA4CED3AA41F1B421B1902D26C5A9384C725C5682017ED72
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55616
                                                                                                                                                                          Entropy (8bit):5.386310916321289
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:D7U9w+B3RVawWrEpYinAMxmR7zYiyOAMxkE8e7:D6w+B3RVawf7HxMf7y8xN
                                                                                                                                                                          MD5:20152624A1FF01D9F2BAC28D7B00CCA9
                                                                                                                                                                          SHA1:A320967BEE24E07725E3AC2DC2F66F264F1B9221
                                                                                                                                                                          SHA-256:80063F2CA78C9C757FB06B36F24F0347992DD75D300C4FB4A0DAA90D31B83A2D
                                                                                                                                                                          SHA-512:A9334CC7D97A212F816EEAC0EBE8D6A5CC4B83C72DC10C34682AE504EA9690C077A84246DBA1462E991C609431CC93B085ADC14DAE28D468B537305161D56EF7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):56128
                                                                                                                                                                          Entropy (8bit):5.3857985161200785
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:qqov98EoycpW4xUNyb8E9VF6IYinAM+oP9HaOp/IYiF91ihkAM+o/8E9VF0Ny3j+:OvaycNUEpYinAMxoMAYiAhkAMxkEt+
                                                                                                                                                                          MD5:7704C15C3F3F312CAF2849DC2EAB0E78
                                                                                                                                                                          SHA1:E3C673D407464CCB1E2DF5FC357D814C61213F7B
                                                                                                                                                                          SHA-256:FE634E2F6C7AD7BAD17BD0A956B612BB14A9064B98CF5B5E013E08AC19204744
                                                                                                                                                                          SHA-512:704A7541B55962E0DB1BF9388DA3F8A2AE1AE284AA60409D5FBC30F9BE275658D10C2DBFA80DED9F12632DA0F4F076925B5658B4F16EEEDD5320AFEADDEDCE85
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):56128
                                                                                                                                                                          Entropy (8bit):5.61051850410968
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:q6qm3UbeAV4DnYCRfwmkIPNyb8E9VF6IYinAM+oP9iCpiA4RpIQnBIYiF9jdiAM+:EUUbe7hbzEpYinAMx07nWYi0AMxkEoem
                                                                                                                                                                          MD5:41B7CEF8A631E5F9FF1B54F6B0CE13E7
                                                                                                                                                                          SHA1:8B695116808D99DE0B49EB54FF8AFA9A6E81368B
                                                                                                                                                                          SHA-256:3B5FFC2C6DCE2BE431CF686FCD2D2CD39FF003D42AFC27887CB128B34CBEE354
                                                                                                                                                                          SHA-512:15E72B1B3FDEB5A7AC2C4AB044224D25521A820AE62C725ECCAF6E3E2C1CDB24F9EAFB3AA12E1C1ADB042E762D49E0FE6A3B81280D1E5346BCDBDFFB8712B6FB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.584260993420684
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:j4x6AN6AQqjexbyqKXhHqC1EpYinAMxlcYiXl2AMxkEb:j4xXc7Hxlc7VExH
                                                                                                                                                                          MD5:5EAF10368F71EF58845D728B1C35DEDA
                                                                                                                                                                          SHA1:1D525E25F5B1B2546285B0BCD18BE0D2F81F17A5
                                                                                                                                                                          SHA-256:E9FBEA12B32D02160D14370501A622C032114C592EF7C5BF94EB620283FCB6D7
                                                                                                                                                                          SHA-512:94B31603651BC5A3BB51E44E07AF1BBDB4B6D9EAF5B0AE7584525155224F23F653AFEA2DDA885620C6362D8CEE6189C5B6C86C2D76E2CDB541415A604A4B1FE3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55104
                                                                                                                                                                          Entropy (8bit):5.402610840778619
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:TsfBpdOXz19szMH5KBL/yNyb8E9VF6IYinAM+oP9I2ZlxEIYiF9GTJAM+o/8E9Vz:GBK5oL/SEpYinAMxPYiSJAMxkEn
                                                                                                                                                                          MD5:615FEEC50393BF657E7B84A864D534A7
                                                                                                                                                                          SHA1:0D3807C4E28D0121C43B3A910BD4538DEEC70B5E
                                                                                                                                                                          SHA-256:6EB847167FF384D1D30B6D16939980DC89D95547A18CBA91136CE66CEF6C06B7
                                                                                                                                                                          SHA-512:76FEF42FD098DAEAC39B495C5AF7E71784204936D4D75483BB49678C3995C7FE0FC3B75F5D2E034FB974AFCFE45FA4158801C92F0A55441C5E8CD34647142AFA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55104
                                                                                                                                                                          Entropy (8bit):5.425116799449756
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:Q17U791C2TzpwGFTbZY6d1lBVZ5qAy3FGd7HxQ74xXa:Q17U791C2TzpwGFTbZpd1lBVZMAy3FG2
                                                                                                                                                                          MD5:E200F70987E56CBDFF8C6A587A02705F
                                                                                                                                                                          SHA1:8C135AD82792C337445DAB4677B654C7390BF36F
                                                                                                                                                                          SHA-256:B285107D2D2F2D64F2F060CF57E29B08C5DD9498CE8CEF83ED7C30032CE4625F
                                                                                                                                                                          SHA-512:81163C216A1D4FB7B328D4982F4A251601242320EB413B88F423CB133526484667328716D368DAC110E6E2E4715814A8A1A85BF56A81C42DC8E48049DECDC767
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54080
                                                                                                                                                                          Entropy (8bit):5.402370571282084
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:TxFmhL3THRNkAHqQ3lFRf2I9ByrUvNyb8E9VF6IYinAM+oP9Lfu7byIkdIYiF9X0:WXhR5TEpYinAMx8oKYitAMxkEc5
                                                                                                                                                                          MD5:16C771FF09E9BCFE7FD617C0F5D489AA
                                                                                                                                                                          SHA1:55AC69B62DD357DE4884A95F95786AF979F2CFE2
                                                                                                                                                                          SHA-256:6F747BB6BCF0491A3B7F2F04B802C41BD895A01D94F11E7E5B6721B17DEE26F7
                                                                                                                                                                          SHA-512:D85B041F62241EC6F4685372895200FECCC1F277F1E0D4A5015AD79CEA12FD19BB4B864EF871A4F6D7B4C0D887F4F92FAB74BFDFA7940B07866B063464749C4F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54080
                                                                                                                                                                          Entropy (8bit):5.42997837750232
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:gJqibAIErkUVQF5UefV3BEpYinAMxxYiPAMxkEA:gJqibAIErkUVurfVa7Hxx7Px0
                                                                                                                                                                          MD5:1844776B1E873892CB6D453EBCA334A2
                                                                                                                                                                          SHA1:6F36F4BF2CE6D286C0E1E59041EE506BBB96ED7D
                                                                                                                                                                          SHA-256:98E823748DC2E72B8B5A46827D501E12C9C48E209643F2DD6B4B8D333501DF8E
                                                                                                                                                                          SHA-512:8C48EB7CC40EF6798C9789A9B860BCF508D3740E948FE64E1197A422CFD240A6430FC36B5AFC23A5C1CA73FB155003B22A57AECEB207741BC9EBCAA947A411B6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):56128
                                                                                                                                                                          Entropy (8bit):5.3695383590059125
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):52032
                                                                                                                                                                          Entropy (8bit):5.602368818487498
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):51008
                                                                                                                                                                          Entropy (8bit):5.615534777551888
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):56128
                                                                                                                                                                          Entropy (8bit):5.638575498464374
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):50496
                                                                                                                                                                          Entropy (8bit):5.652443774196828
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54080
                                                                                                                                                                          Entropy (8bit):5.426785047163885
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55104
                                                                                                                                                                          Entropy (8bit):5.43355377301059
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):57664
                                                                                                                                                                          Entropy (8bit):5.590444403006137
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55616
                                                                                                                                                                          Entropy (8bit):5.588716592426551
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:GfvCdo/7JK7bABkCNyb8E9VF6IYinAM+oP9644k0VwIYiF9QqoAM+o/8E9VF0NyZ:uYo/7JK7b5CEpYinAMxmvYivoAMxkEBV
                                                                                                                                                                          MD5:0DC5183697F790CF937860F9F8CCF8BE
                                                                                                                                                                          SHA1:531C04F6AA3B363A14740CC33D1E4D98BF857BC7
                                                                                                                                                                          SHA-256:8176DA09CFF7F0BAE0AA08430CC4CA093A68627FB631A377DF0EC82959E7F634
                                                                                                                                                                          SHA-512:E58A71558240BEE892FB783E061BF481CC2F56F01BFA5F7A2C50C0EC69B2360AB9564E80C3D34ADE0296DB1D9509861484A3D6AB3936880AF9D23CE13FF1A373
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54080
                                                                                                                                                                          Entropy (8bit):5.4114238474999805
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:Pr10IePeyrQLtUv6oNpaMkYjZZ/fbMgTRlREDNyb8E9VF6IYinAM+oP9LeFFjUIX:qjTZf3TFGEpYinAMx+jlYiFAMxkEj
                                                                                                                                                                          MD5:742CD3150B436B909E5AD9AB6F22783C
                                                                                                                                                                          SHA1:474B8B3B75CFB25C90EB33E8E4BBCCB07068DC8D
                                                                                                                                                                          SHA-256:E537F7AB167D50E347B359AB848C46405C7FFD067408E896858C31AA99E6B228
                                                                                                                                                                          SHA-512:CDD492F93BBE49F17DC8DBAA19C1FE1FB1B3403054703D20402B07A42BB5D5F5D20F1D126103AF0DCE62EA36299835902E7FAFF96EA5D7EACD59974E6F88A2F2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55616
                                                                                                                                                                          Entropy (8bit):5.380500350214481
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:P/kLXd/T3kXNyb8E9VF6IYinAM+oP9e8Kk6U92ZHIYiF9524AM+o/8E9VF0NyZwS:ULtgbEpYinAMxPSUTYiFAMxkE0S
                                                                                                                                                                          MD5:A54633E30C2FFD23C3578C885E0E9F5F
                                                                                                                                                                          SHA1:662988663B27C21A0CC310D304346466EADD76A8
                                                                                                                                                                          SHA-256:3FB8523B91B2BFEE51CA2EA972ADA260F27BA389EA9E1DD7CB8411F21F126CA2
                                                                                                                                                                          SHA-512:AF9213815F634BC3A1DAFDF0D2BE537E4634D690C118090A81DB1138130504B4EFD27D9D0599F7295B06A5BCCE44B71E200574E583C820E820CA84D72D6E492B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.41113033461094
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:PZ75JZSiyCSiykeRAYiTvaK3Q3Nyb8E9VF6IYinAM+oP9P+6kIYiF9+60/AM+o/d:xeCYGiK3Q7EpYinAMxtYiWlAMxkEh
                                                                                                                                                                          MD5:A78998736B54EC264AD3FA9529693C8F
                                                                                                                                                                          SHA1:4B468CCCB8AC25C9E9C05161DD5C44E08504B41A
                                                                                                                                                                          SHA-256:EB3F06A4EA447CE64971673C50CCF83E2842303F1A27655F3A170495C94B71C6
                                                                                                                                                                          SHA-512:F747EC1B69B931D90EF4CF31A5F8E7BA95B6AEC7B36299A0E988B1D4790F42BE8AF698FE66032324C9634E5A44FD251D7BCBFEF9C5529E7D2368FFA38CEB5962
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55104
                                                                                                                                                                          Entropy (8bit):5.433825393956769
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:Uym9mn7KZHCCA7U8Gp6hNyb8E9VF6IYinAM+oP9LK5SIYiF9YjAM+o/8E9VF0Nyi:SUy3AIylEpYinAMx0YiCAMxkEU
                                                                                                                                                                          MD5:E73CF3871B41E0C59440C8D709CCFD75
                                                                                                                                                                          SHA1:8428813368197AEE8E3C2BF2104297476BC4608F
                                                                                                                                                                          SHA-256:AD124B0646894F3BFCB61D366D7BA5EDF4978766807B5422AD1778509231679F
                                                                                                                                                                          SHA-512:A31E82503BB3D8E1DB9EF4C1030ECD481396183CC64905FAF91E52F9C3E68469FDF3A850357AD70466D2810855D2B58E19B9302499D2547F85A610B1F8159FF5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.4115414787256
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:UYnLplZcOZX8mNyb8E9VF6IYinAM+oP9m675zIYiF9cHymAM+o/8E9VF0NycBM8s:3bguEpYinAMxJiYiEAMxkEI7s
                                                                                                                                                                          MD5:0227D71A996FAB2B394DFB17A43F1F8D
                                                                                                                                                                          SHA1:DA6002C093911114035CBD5D7D29FA51E3DF2C45
                                                                                                                                                                          SHA-256:290A463B8B11E5F5C5D3BCC2B5B8D910721BA645E2B4B3AF951223F76610BEDF
                                                                                                                                                                          SHA-512:FB95F13C4AC6A7B8AD13F271EE3D93ABBD5E0713F0C0DE402D7B73EC82B483A26C6B071ED5521914E34E74AEF168F9FA0762801FB37EAD9D05CD3D675AE2CCFE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55104
                                                                                                                                                                          Entropy (8bit):5.392362813870133
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:UaAtOstnEx6ewB/Nyb8E9VF6IYinAM+oP9/KlAIYiF9J3ReAM+o/8E9VF0Ny1SX7:w/Ex/UDEpYinAMxGYiNgAMxkEC7
                                                                                                                                                                          MD5:962BFFC6EC3DA987471851A4240AEB61
                                                                                                                                                                          SHA1:BA1B8AFF4FACD861553039A256A7623ABF30CD66
                                                                                                                                                                          SHA-256:3BD318A0867F1C971DAAE6A96C6EF2A09FBFB15EC5B3706DA34453410EA1F4FA
                                                                                                                                                                          SHA-512:D975EE07C82CD658E4A3B6CF67BBD8FD41D989D718E5EAD479E0250BC3C66A933FD0E8B1DA468E0C906986AEE58E3C0F148E4F8A23B19121844F5847E1AE14D8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55104
                                                                                                                                                                          Entropy (8bit):5.412695960496245
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:5nCRNNDM7qm0GdVqT541naEpEEpYinAMxmYiTAMxkE0:5VdVqlca67Hxm7Txo
                                                                                                                                                                          MD5:54B9FDA6AB88DC9EF0F0C8B19EA06CD0
                                                                                                                                                                          SHA1:C34D52741A8986FCF0991A4CECFE1B2A7C6E85AB
                                                                                                                                                                          SHA-256:1F00F564F1136096FBE58EFDB22E54923E090BA3392CDC51C837A7294A3FD5BE
                                                                                                                                                                          SHA-512:BEFDF3BAED01EA905751CCE248E854CDC43D5A9D77B2EBD27E68C297464A5A0AC1ADF739E8371F0C731A5A7ABB83E6FA227D11120F70D668113F69612D44B6E9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54080
                                                                                                                                                                          Entropy (8bit):5.578353591774595
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:tlWSFA47AvHlho4d2hNyb8E9VF6IYinAM+oP9Hn737IYiF9iFAM+o/8E9VF0NyfL:qvvHUlEpYinAMxF0YisAMxkE+No
                                                                                                                                                                          MD5:DD650BDAB776FD3239AAD311BC8CBBD3
                                                                                                                                                                          SHA1:583A340581B2A78DF490951FFE6A7BEEBB51BA11
                                                                                                                                                                          SHA-256:475B114201EC72F4EF26FC66B61AF438CE77F69E5E96D3CFC8FB00BA148AAC51
                                                                                                                                                                          SHA-512:862313704DFFAD1AF1FA72D8F9F1FE4757A9A1082BE41C78E5C307C56F36D986D1F5580922800050E08BB37ED2EB18A6FF629131199E41350A22EA230DD6DC9F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.437717171626643
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:t4lmP8uhJPiR6gLTmNyb8E9VF6IYinAM+oP9AWB5BGJgVIYiF90xFNAM+o/8E9V2:uMF8RjuEpYinAMxlgqiYicFNAMxkEAR
                                                                                                                                                                          MD5:DC24DAA70A6551CD038929F3EC055306
                                                                                                                                                                          SHA1:99843D43C0CC3D4C76A5C817CA4DB49820820C65
                                                                                                                                                                          SHA-256:847440B8D60A11DCE3E254916E5CD926D58C9F06F0D95436B62FF9B9AAAEF4B0
                                                                                                                                                                          SHA-512:451C21F435A451CC4C47623D028B1CF3939CB59B9F9A6D6D71B2F94F9B4CFD487A8756ACFF27768B454F23F2D501E9AFC67E586F9C005142CBC712E5CEDC2D9C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55104
                                                                                                                                                                          Entropy (8bit):5.399846673022657
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:tkcnTcshVyigOHHTpWBdH1i2IXousrNyb8E9VF6IYinAM+oP9z5XKiS9IYiF9JJd:v+hOHHy1YZsnEpYinAMxfXvYinAMxkEP
                                                                                                                                                                          MD5:FA0AFF0B7EFD37A6195AA454012095E8
                                                                                                                                                                          SHA1:EF4A3CA1608A8FD5DE56B2B94DBD46304480B375
                                                                                                                                                                          SHA-256:7580B1B666C4A6DE0EB5AD03DAFB2F9FB49AD148754A68611E9988ACBBA5023D
                                                                                                                                                                          SHA-512:FB5A73B6134F991FC2E5D9A82B747C821074BEF86A7651638FC0127BEEF78B817811BB00417168BB937F968D55D8356AC0D19C2B569A6B9B31A10531683466CF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.573738261423414
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:CT63FOxCx7UjYN3tGGNyb8E9VF6IYinAM+oP93kDWvSpIYiF94yIj/AM+o/8E9V1:D3TUj+dGOEpYinAMxoCYi8/AMxkEq34
                                                                                                                                                                          MD5:D5D54965E6FB81875F2FCEA8F21515BA
                                                                                                                                                                          SHA1:87F22E6FA6D34CAA26CAF427D5F339880496EFE1
                                                                                                                                                                          SHA-256:759CC7CC96EA181926AF2F6B274CDB9BF63E329FC32A7A1C10B4CFDEE786F2A6
                                                                                                                                                                          SHA-512:308068EB57F007A4674BF5D90C9410BACC715E4AE537ADEC4CAF7F6837544D5526C676BEB2B1488090E7D9F4E966F030709C2934DE3A64E0A9059CE49D1F6A14
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.415346681858155
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:CeC7xC7Ec3EINyb8E9VF6IYinAM+oP9Up1XIYiF9+kAAM+o/8E9VF0Nyu7:E7xCYc3EgEpYinAMxqOYioAMxkEG
                                                                                                                                                                          MD5:9C09AE8A870215FF9CF80F09D44F5610
                                                                                                                                                                          SHA1:2EE0328D7617A3D5A46C432DB2AE8BA2D335CB10
                                                                                                                                                                          SHA-256:49FDD7A5FA81697613F0495EA9E6025FFF84565184A1F3279CA42B166920F1E8
                                                                                                                                                                          SHA-512:7351B3955F0F881329DCD209841C84A05E0A2C2472FBF1B9F70505D4CE4A6A5FD612D45F3E11E917AB4D086E3B0C1CC7429238EC6DB6DBC879ECD9F3B8340B1F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):56128
                                                                                                                                                                          Entropy (8bit):5.425300372554538
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:CL9FgicgiY7upr4M5aNyb8E9VF6IYinAM+oP91k+DrpIYiF96sAM+o/8E9VF0NyU:QFQ07Gr4M56EpYinAMxwYiJAMxkEUh
                                                                                                                                                                          MD5:1048D12C5DAA3492E2CC9060BC6AD9C4
                                                                                                                                                                          SHA1:50051ED23E19D842EB6C9162F537E7C20185ADE3
                                                                                                                                                                          SHA-256:9123A236243EC5508DB14A4E4E5B2BF3DCA077A6F6A85D24730D0A60A7B10518
                                                                                                                                                                          SHA-512:F9F6FF586A13CB32281234478A9F7CE2C6222EB94029EBC448815A5083E0303FC7CCA26F03E38575D449E81869817425F9AB2FF321D6A7EA5EE2EB0F99FB6C7F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):56640
                                                                                                                                                                          Entropy (8bit):5.625808123733913
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:KmHY51ZLm+4HwpEpYinAMxRBYinyxAMxkEqw:K27Hxb7+xmw
                                                                                                                                                                          MD5:795ACCE152FDF555FC5F0CBDC21BAC4A
                                                                                                                                                                          SHA1:B3A5F664D53813E69E33B4AEC327D8121E6066D9
                                                                                                                                                                          SHA-256:F22F4C4B011B9989D73F0EF16D85F9AA5471CC03394C99FC6D74C401ECA88700
                                                                                                                                                                          SHA-512:92638A7BD5962C44F3B21864FFBA114EF82B66334735D247B53ECC3A980C1208F597260547A2B9DA938C6D9D9BEF37AE94D5F6AF0683E0D551E6285D7FAE5769
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):56128
                                                                                                                                                                          Entropy (8bit):5.591538654163846
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:aVo3N5ya+LDQEpYinAMx7i+HCYi0GzCAMxkEX:aVo3Ip7HxI70LxD
                                                                                                                                                                          MD5:CB8793AEC04A19877FA3702EDA7C9416
                                                                                                                                                                          SHA1:7771A48AFE1B50C03BAE7D98090929753177C9DE
                                                                                                                                                                          SHA-256:FA58B434E5253B28091CE425EC9296E499241CFC24992E1592154FD1EC449819
                                                                                                                                                                          SHA-512:577EE217E15379E1523FA72FD995E450FE7DAD262E299B594CDC6A8455DCD5002454B84695BCB3B3370DFB03C0B540B931FFF2C43AC50311FB5E95CD9A76219F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):53568
                                                                                                                                                                          Entropy (8bit):5.6119616279583715
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:TjlrGszNMfetNgEpYinAMxwKYi6AMxkEyI:TjlrGs+fetn7Hx774xWI
                                                                                                                                                                          MD5:36FF03BB1A029CF62E2FBC0112AB1E1C
                                                                                                                                                                          SHA1:C6BF4C0E47941019999722F1E57346498AF0A79A
                                                                                                                                                                          SHA-256:0F6B55613060D527AE41D5BCF5F34F50BD668BA57F9D4D2521EE7DAB2D053C02
                                                                                                                                                                          SHA-512:08AF745E330ABD384BF06468A2C1A7F6221B0A6C1A9452031FCB4076959C51EB912269EFF77E71F55BFB41C2BE1967A9373B224522ADF856E07B48593E68A92E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.448739449189127
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54592
                                                                                                                                                                          Entropy (8bit):5.574026643245629
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54080
                                                                                                                                                                          Entropy (8bit):5.583323336112305
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):54080
                                                                                                                                                                          Entropy (8bit):5.499322127248548
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):48448
                                                                                                                                                                          Entropy (8bit):5.620247349904402
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):48448
                                                                                                                                                                          Entropy (8bit):5.631167984677434
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):282432
                                                                                                                                                                          Entropy (8bit):6.580618907494474
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):359232
                                                                                                                                                                          Entropy (8bit):6.269305509202009
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):327488
                                                                                                                                                                          Entropy (8bit):6.0919814113297415
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):282432
                                                                                                                                                                          Entropy (8bit):6.580127272835487
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:2RGmVviIKXox+xDvAOlXMx5qNSj/aazvVP:mGmVv3KXoxefX65hZl
                                                                                                                                                                          MD5:51529BD404AD6A93BACC2FAA88376CA9
                                                                                                                                                                          SHA1:1891AFC0ADAD2250EB4F36988651039BC975BC52
                                                                                                                                                                          SHA-256:ABAD43AD3E27D1E6C8611AE285AD1A7C96127DF36B98DC2FE5674B511B62421B
                                                                                                                                                                          SHA-512:D8F63D61B6BD040FE03A14AE5DBACE73B929E9781EC64A359BF2A832F564DF6D096F0231AB0F408B60C9A6FEA1BD00B15DC0B58152F718C36F3FFA48CF661652
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):359232
                                                                                                                                                                          Entropy (8bit):6.269345224951521
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:xgW2yufk0/lGibh/Y7+Vkm5RVsMwbQMohQbwfE15qArj/aa/:ObfkklGibhA7+VlRGbQMoJ25z/N
                                                                                                                                                                          MD5:0259892D2CB710C05CFFCA79F9686FA0
                                                                                                                                                                          SHA1:185CB66A76CD7B26AD2EAFFF6B1222A7B6C0F309
                                                                                                                                                                          SHA-256:843DFFA160083155BCC046EBD3C99FA035044156C203A7AE191C629CD83A0EF7
                                                                                                                                                                          SHA-512:F9A0A25C5D95584055E097593F42FCA04BB4A80BA48A5AC0D592C88273D90896AEB4C975DE72CCB93886209AFFF3F18D771CA7D948AF5BB03B277250D5ED1A97
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):327488
                                                                                                                                                                          Entropy (8bit):6.091915599984797
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:0eyV9fNJmbkqhyVVVz6a+/hRy3LZkMyeHo+TAYr5RIf7Kj/aamO:3yDB/IMlpAw5au/
                                                                                                                                                                          MD5:8C35995DEDA169AF62A83A5F302C9EB1
                                                                                                                                                                          SHA1:A45BE3269442DFC9A4D89EFF0003E2292349C2CE
                                                                                                                                                                          SHA-256:0C5845A003CE6480B24712459725581839E36B00514DA26D4214853107E090D0
                                                                                                                                                                          SHA-512:2D660FB5CEE6C99E3A6AC54872D0F404E9F7A21B141FBCC067BE40EECDEAE29AC2D1E5141211CFB704EE70BDE40C4D5336E3538F0883143245B90BBBB82F63D8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):175424
                                                                                                                                                                          Entropy (8bit):6.036513000632513
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:cQPidj5By4/EeaZL8Z0BFri9WSfWJVVqH9B+bCe5kNtupnu0D6EDpf34fdjdEcRh:heaCSgfuqdB+i48
                                                                                                                                                                          MD5:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                          SHA1:184A42476F12A89731F608C7198E47BFC35A8364
                                                                                                                                                                          SHA-256:633B554A26AD05C06DFE33A50F6D69E9160207F3168E15FFD3CB5652B1E8E9D4
                                                                                                                                                                          SHA-512:DDB593D8A6BC515DCA7A4EADB2F50C28C8E61E9A829186BE9B9E8B19371E969FE055104DEFFD8CD5CD9B48F2468EC8B3D7BF6AEE45079E445D3FE42696E2D5A2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):124775448
                                                                                                                                                                          Entropy (8bit):7.999996586829686
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:3145728:G7pzQwa6D75W9AobFmNOlpCbLcRLq4vtpN8/RKA/gSBa5:GdzjD7s9FlgsRL9Vo/u5
                                                                                                                                                                          MD5:40976C35E6CA27871F134A8A2FCAFC21
                                                                                                                                                                          SHA1:FAA553B01EE47E9079F24A930BCE454BC2D48B37
                                                                                                                                                                          SHA-256:F5E6C9BA8FB7867D041BC5D7591B50714688FBD31E6716A4D631D549ECEEB03C
                                                                                                                                                                          SHA-512:4B178177039B894A92E712BFBE7358BB84F2830E8E042B77B3C1864A449F48FAADE7F5F016BC9C03B946BB47AF8389A3DE62C8CC283B9A948021E04338BEBDD6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Update\Install\{4F196A2A-B4D3-469B-B59C-F68107B39DD0}\brave_installer-x64.exe
                                                                                                                                                                          File Type:7-zip archive data, version 0.4
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):123339642
                                                                                                                                                                          Entropy (8bit):7.999998598936994
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:3145728:c7pzQwa6D75W9AobFmNOlpCbLcRLq4vtpN8/RKA/gSBaE:cdzjD7s9FlgsRL9Vo/uE
                                                                                                                                                                          MD5:86EFBF7DFA2540421459D8F126B69DFF
                                                                                                                                                                          SHA1:B2F977F8D49B4B52B9194A21995A72671F428DB0
                                                                                                                                                                          SHA-256:3CF48645EAE5008E76B836860C0E97BA396393ABB3BF169272A3740644291EA3
                                                                                                                                                                          SHA-512:1940ED706A6B88C7769B365665DD5DC9405CAD87A9E52A88F85C8F20B41C20453836146D2981DAC547B34B0F66E223161463B14612EA3EECE50BF0D50DB98511
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Update\Install\{4F196A2A-B4D3-469B-B59C-F68107B39DD0}\brave_installer-x64.exe
                                                                                                                                                                          File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 1398528 bytes, 1 file, at 0x2c "setup.exe", number 1, 106 datablocks, 0x1 compression
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1398528
                                                                                                                                                                          Entropy (8bit):7.997895296558124
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:24576:Ya8jjP9IJP9Z/SYOSvOI5cWYXQ8GRax5zy3x51HKibc6ipXEnbsZg+SzDE:Ypjr9IJl8cOUc3Q8/zyh5JKib/osbsZL
                                                                                                                                                                          MD5:4779AEF1A790DC6877982099B73D0830
                                                                                                                                                                          SHA1:84F3CC4D75FDFA339094C09CC3AAA084B1C58447
                                                                                                                                                                          SHA-256:2C528B0F11BFE7788F8A95091B9C4E624B4A22173FE1F94DDDBF49B190100C9C
                                                                                                                                                                          SHA-512:EC6F7287EE608EF832F8AEB331584FC3C6DF0C9D257DD324485DD6FE4274F9AB5129181787535D890584D5EAA38741A1E64F4E0DA52098D957185A37A2386B9E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Update\Install\{4F196A2A-B4D3-469B-B59C-F68107B39DD0}\brave_installer-x64.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3458072
                                                                                                                                                                          Entropy (8bit):6.570710999931397
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:6rExC6sQI1X3DuLCyJ6kLi7XssLIkmMgtfhXbcszPMuX:Z6ke7csgP
                                                                                                                                                                          MD5:41F40C4225A40DC6DA684E5F40CAABF2
                                                                                                                                                                          SHA1:25F509B439071AABBFADB37D74FF20D8FAE5AC32
                                                                                                                                                                          SHA-256:0AF286D49A182A01201C6AFC9154520D85499301DB2172C47FEF7FDAD6EF7514
                                                                                                                                                                          SHA-512:5810B523F14FE12EF0A62F580D0CDA7326175585D31052A8A666FB1FD31D490249ECB5E65A388DE5C813BC90BF2A9EA40DAE0C337291FFA0F62F55DA216E1E4B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):124775448
                                                                                                                                                                          Entropy (8bit):7.999996586829686
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:3145728:G7pzQwa6D75W9AobFmNOlpCbLcRLq4vtpN8/RKA/gSBa5:GdzjD7s9FlgsRL9Vo/u5
                                                                                                                                                                          MD5:40976C35E6CA27871F134A8A2FCAFC21
                                                                                                                                                                          SHA1:FAA553B01EE47E9079F24A930BCE454BC2D48B37
                                                                                                                                                                          SHA-256:F5E6C9BA8FB7867D041BC5D7591B50714688FBD31E6716A4D631D549ECEEB03C
                                                                                                                                                                          SHA-512:4B178177039B894A92E712BFBE7358BB84F2830E8E042B77B3C1864A449F48FAADE7F5F016BC9C03B946BB47AF8389A3DE62C8CC283B9A948021E04338BEBDD6
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1310720
                                                                                                                                                                          Entropy (8bit):1.3530713539761876
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrt:KooCEYhgYEL0In
                                                                                                                                                                          MD5:055F52BE176056644B62A7FBE20FB44C
                                                                                                                                                                          SHA1:EFA39C017786C1B8B656A54D9898972A14D50B5E
                                                                                                                                                                          SHA-256:BD88352414599D10F516A22ACE2E9635FDC24BC85676A5095C07D82A9D09A4AE
                                                                                                                                                                          SHA-512:A426BD789103DD270FBE9442C47208BACFC088FEE98936DAFDAFC84F9E78F63EFD7F378ACE1B884D02EE905B31E9BB2B8911CF4BAE2570E7F672FCD9411D9E8D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                          File Type:Extensible storage engine DataBase, version 0x620, checksum 0x24b362ca, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1310720
                                                                                                                                                                          Entropy (8bit):0.42216723181386895
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:RSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Raza/vMUM2Uvz7DO
                                                                                                                                                                          MD5:9C5B7BE3B7D4835929278A5C01F012B1
                                                                                                                                                                          SHA1:B91DAE8FF0B1DC24803EAFC04FCDB566E7667906
                                                                                                                                                                          SHA-256:2C228C15B717A1B94B0E47C1C3001461FA1F09CEC076EA69134B1175E1F5784A
                                                                                                                                                                          SHA-512:1421B685ED0E5333AF266B6E588D12C6E0550E5A5B58F56C9B119013B20A05C5EAAED9CC6FE77EFD63527FCD0356BE1C4D97EE6C5CAFF64B9F4848CD5C3E4BDB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                          Entropy (8bit):0.07723066764839415
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:hUYeW6uUp+CCjn13a/HK9s3bplqllcVO/lnlZMxZNQl:hUzpp+x53qHKmpQOewk
                                                                                                                                                                          MD5:2B3659059F45AF22C059B84EA60286A7
                                                                                                                                                                          SHA1:C3A934DA58C64C9E48F6EDD38316EE3D8E7D85F1
                                                                                                                                                                          SHA-256:47C69CD8F0A58DB3BFF2D3559668C853B44947BAABD742F98B49589C11E30A77
                                                                                                                                                                          SHA-512:FBBB44B843F680EB6F56670078CDA4613FBBFEED89E9D18DD3F880F6873D510E3F624DBAAB553FFAA7798301451E46B872800815084CB9EEF297B7E13B6909C5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):126
                                                                                                                                                                          Entropy (8bit):4.981420475477114
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:D9yRtFwsSxzqC+eAsZQK4YHFk6Qk7hM9qTVPAFKb:JUF+FqCqwP37ayAkb
                                                                                                                                                                          MD5:AC7BE240641C7D117E9546090C5EB358
                                                                                                                                                                          SHA1:0C539E03E182FA81FCD221ACDE0187D4EBF96E56
                                                                                                                                                                          SHA-256:D072235CB31296D72F49DA28FE37C67CF6DC56C97979C45BE52F1ED38F152121
                                                                                                                                                                          SHA-512:B5E03DC6AC0763A466340A0356029F922C98C73CBB4271C79BCA9F9195E4C1E8C6948FE181DB60A4348BBB377F827117FC35482D44496839C6BF1A65BCC47BEE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<root><item name="pageVersions" value="{&quot;hp&quot;:&quot;20240314.96&quot;}" ltime="2876272240" htime="31095060" /></root>
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4286
                                                                                                                                                                          Entropy (8bit):3.8046022951415335
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:suZOWcCXPRS4QAUs/KBy3TYI42Apvl6wheXpktCH2Yn4KgISQggggFpz1k9PAYHu:HBRh+sCBykteatiBn4KWi1+Ne
                                                                                                                                                                          MD5:DA597791BE3B6E732F0BC8B20E38EE62
                                                                                                                                                                          SHA1:1125C45D285C360542027D7554A5C442288974DE
                                                                                                                                                                          SHA-256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
                                                                                                                                                                          SHA-512:D8DC8358727590A1ED74DC70356AEDC0499552C2DC0CD4F7A01853DD85CEB3AEAD5FBDC7C75D7DA36DB6AF2448CE5ABDFF64CEBDCA3533ECAD953C061A9B338E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:modified
                                                                                                                                                                          Size (bytes):77137
                                                                                                                                                                          Entropy (8bit):6.07657161314631
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:eFmi3bXYQBaf8dP0S7xidXuRdJ7bzYW4n3HnsehOpz0IwBZpBJ:Zi3bXY7kdP0SfRbbzYZn3H2pzBaZJ
                                                                                                                                                                          MD5:2014ECE8AA9B8E33DB07F4E220213243
                                                                                                                                                                          SHA1:CFA36C0B765D04ECE609D707BDE50E5A5314D0C7
                                                                                                                                                                          SHA-256:F1C72CF1391AFF6D1D238882D6813D753D75BF872EBA350231503A2FC8D89682
                                                                                                                                                                          SHA-512:EF1595C9DBDFE803EF3AFEC5F403F8D42CA577656824A44D7165E8B10245B67F21F7D21797F32A2B6B3AF37103941EFAA28EFF88519B2DF598733499BCD2A94C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"2C0F69384C552B8D73643971270674692CF506B7F6C6B94E46F1EDD23D076B4C\"","apps_count_check_time":"13355226854517077","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7571
                                                                                                                                                                          Entropy (8bit):5.56954590102972
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:odsNwjMtViRUh8iQdQrEkOb+TgVs93l8v8:odsNw4G88iQirfORVs918v8
                                                                                                                                                                          MD5:FC2DE4F7D315B04752B291FB0C823CB4
                                                                                                                                                                          SHA1:438733C4CBBAF79E182E3B33CA50F400E6BF4A2E
                                                                                                                                                                          SHA-256:AA1D856AFAD7C2323DD4D71CC8FECF02E8B76907D15A6A94C806BC123BFEB65C
                                                                                                                                                                          SHA-512:95B00B4BF84B9FB29AD8F5518704B90209F647ED2F241ED8533870F73182BDF78EB54606785A02D9FC3B7A323360EF5394B9814376BB07B60525DD6114FD1960
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"apps_count_check_time":"13355226854517077","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"H4sIAAAAAAAAAAMAAAAAAAAAAAA=","dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"oem_bookmarks_set":true,"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"host_package_checked_on_browser_version":"117.0
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):77098
                                                                                                                                                                          Entropy (8bit):6.076523623633539
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:eFmi3bXYJBaf8dP0S7xidXuRdJ7bzYW4n3HnsehOpz0IwBZpBJ:Zi3bXYikdP0SfRbbzYZn3H2pzBaZJ
                                                                                                                                                                          MD5:0E2BAD60471519F4578140B43219320B
                                                                                                                                                                          SHA1:17ADE5063A94B5472031614C152E120D578B341E
                                                                                                                                                                          SHA-256:FEA879B4971D42C7DC60A7C11326155E47A3FA47D34D9FD17D7E25E260129352
                                                                                                                                                                          SHA-512:72DC3F81DFA1F416F3843BA9F8E75F68344D8EB57406F65DCEEBB93BE60DE4419C8BCEBB1325B1928CFC5B252D908CA0C10433FB58A1E3A5EBD67EAF98A9F703
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:modified
                                                                                                                                                                          Size (bytes):27132
                                                                                                                                                                          Entropy (8bit):6.071658987266338
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:eF5kruq4eVbAXbUONQO6XeMQWonubZpG22:eFmi3bXYLOwBZpB2
                                                                                                                                                                          MD5:3C50722AD956674662E15B8DF2A0D43F
                                                                                                                                                                          SHA1:D8539CF46DF620CE33C285E058A12A371BEA3100
                                                                                                                                                                          SHA-256:8CFA0921274CF0DCD9923B6D1DD263497B4A959B4915883531630B9D157C5FD3
                                                                                                                                                                          SHA-512:59D49B41088D2C261BF5A479DDE61033366E641A21AA05D04F3070AA2E4220EC7A4FA77A696DC3A06A44DF5521F3BFE54712CBC0EEBAC856822E01589A9919F6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8259
                                                                                                                                                                          Entropy (8bit):5.796138671980748
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:fsNA0MteiRUhdQ7QrEkOb+Tgh6qRAq1k8SPxVLZ7VTiQ:fsNApd8dQMrfORh6q3QxVNZTiQ
                                                                                                                                                                          MD5:F31233C5DFB33C7A5C6F699C62E9739E
                                                                                                                                                                          SHA1:C04DDCC14370117A4621A2FE1EE4BD6BADC7BF21
                                                                                                                                                                          SHA-256:BD181C4E6BF1A74BCFBFBF5838FD854949AC2BBB9A5A1C63DE02029218EBDBA0
                                                                                                                                                                          SHA-512:F5AE3017C7EFFE6303418F98F75E904934F6601164107750BC292C2687656924D83AA16F604FD192DF15234EEB4FA2EA856B6BB73C27CBE086A92C937C32D3F1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Ve
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8341
                                                                                                                                                                          Entropy (8bit):5.7900497272217715
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:fsNw0MteiRUhQQ7QrEkOb+Tgh6qRAq1k8SPxVLZ7VTiQ:fsNwpd8QQMrfORh6q3QxVNZTiQ
                                                                                                                                                                          MD5:0F0179FFF323AC7DE03DAF65743D60F3
                                                                                                                                                                          SHA1:48BBB0CEC90B4C4771A450DA28E0222D0EC4FFC9
                                                                                                                                                                          SHA-256:27887DC454E6FC331739797536DED93E81EF6D4CC594D58D5B110081E6F60393
                                                                                                                                                                          SHA-512:005DBD7A136C66CE14553A3406DC86CF98F4411A3B872588AB1D3C88E96404B7A57A4F3B1354D6BC62E639AA588ECBE032CFA02C85171AA9C3BA75848285F886
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"oem_bookmarks_set":true,"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):26110
                                                                                                                                                                          Entropy (8bit):6.0703451731050615
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:eF5kruq4eVbAXbUONrORreMQWonubZpG2J:eFmi3bXYh6wBZpBJ
                                                                                                                                                                          MD5:84A177FAAD65B0888468CD1EA8C907F2
                                                                                                                                                                          SHA1:8D9ADF6BB3E53BDAE708FE2C89D6C8208C737CD0
                                                                                                                                                                          SHA-256:F5FE10365F7A47E9CF4FC8A188A9978B5D9C71D263BC55A4D56D4B459238A6EC
                                                                                                                                                                          SHA-512:422A380E2B7A87C6B9A908D2837923F562B974990CB285383B41D07FF121E32225759BCA649DCB50C9929A66F79105CF34BD4E8C169E31EF05B77E5EEE8CE0C9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):102220
                                                                                                                                                                          Entropy (8bit):4.634091164761475
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:W/lv4EskMNTQps5Vdw34PsiaM++tDulXridW+LuhVag:+wRQO5VdwIT+S8GdZKVag
                                                                                                                                                                          MD5:7EE87F80FEABC3EC0D691065D8EF88C6
                                                                                                                                                                          SHA1:C3A7ED3C6DC38FBC61F30BFC67E96D1D508074FA
                                                                                                                                                                          SHA-256:83B0E433F40A48DB98103FE18BC378FD3898C747848E4EC43F575B6BDEFAA073
                                                                                                                                                                          SHA-512:790F88E531B2B3A4048E5626C97BADEC17418CEAB88C196BEC04AD31F01B51F0B905991E0C77F68378C37C3D32E34172791E47982E87BA09C4A417C01F63E85E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):102220
                                                                                                                                                                          Entropy (8bit):4.634091164761475
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:W/lv4EskMNTQps5Vdw34PsiaM++tDulXridW+LuhVag:+wRQO5VdwIT+S8GdZKVag
                                                                                                                                                                          MD5:7EE87F80FEABC3EC0D691065D8EF88C6
                                                                                                                                                                          SHA1:C3A7ED3C6DC38FBC61F30BFC67E96D1D508074FA
                                                                                                                                                                          SHA-256:83B0E433F40A48DB98103FE18BC378FD3898C747848E4EC43F575B6BDEFAA073
                                                                                                                                                                          SHA-512:790F88E531B2B3A4048E5626C97BADEC17418CEAB88C196BEC04AD31F01B51F0B905991E0C77F68378C37C3D32E34172791E47982E87BA09C4A417C01F63E85E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4194304
                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3::
                                                                                                                                                                          MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                          SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                          SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                          SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4194304
                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3::
                                                                                                                                                                          MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                          SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                          SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                          SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4194304
                                                                                                                                                                          Entropy (8bit):0.34487283174682637
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:ldivBQQbTHHVgloMawvqfVJ0q/mkivbGPoL31qZc/pNSkqA1HcqjfXfftJccOycG:0P7uKmBiPovbMaHw7X8dlTeW
                                                                                                                                                                          MD5:3D26E2BCC1C73F435E1390943E2037B1
                                                                                                                                                                          SHA1:6823DF9D3700B5E67411725ED37627D4E44B463B
                                                                                                                                                                          SHA-256:879451E2929B14811C906F03A54892B5EA18F9A98B0F559084465A46F67091F2
                                                                                                                                                                          SHA-512:145384952002602FC24D4D344A8C3814DAB026420CEDAE5319B5AB8C04766DF80A05F960F7FACDA46B4111EE02FB3B5ABE50B81EA2E3FF84B4956F104DCD75D1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4194304
                                                                                                                                                                          Entropy (8bit):0.04071998454064079
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:VHt0EbtmqvDtKX7OJEa3XxxTxqZ/g+XH970R6Eqh57NgGnG1gQM9z0pn8y08TcmQ:VN0EtleK8YGFhxFCghz+08T2RGOD
                                                                                                                                                                          MD5:B51E5F1CC15F75724DACFD033448CB45
                                                                                                                                                                          SHA1:428EA69CF4DE671E4CC03FEB43E844BA2BC81253
                                                                                                                                                                          SHA-256:FF2C3376194057FB967E7D2901F73923EBF44396B2F0B8552024FCED70BA1C58
                                                                                                                                                                          SHA-512:AAEAB482490A1C08277F9CD3437323489326D1849EA502F8F385842D67771A22C601F21463E1C5511ACBBEB05CB46865D6506C4CBE1F7E51EFB1361627873B16
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                          Entropy (8bit):0.3553968406659012
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:biUXhV0xosU8xCe+JKlkQuMRxCb8ZXfgYJ0IJpP0KLsyW1L7Fx6:bFRqxosU8xWMk8xVZ4YWI30otWn
                                                                                                                                                                          MD5:CFAB81B800EDABACBF6CB61AA78D5258
                                                                                                                                                                          SHA1:2730D4DA1BE7238D701DC84EB708A064B8D1CF27
                                                                                                                                                                          SHA-256:452A5479B9A2E03612576C30D30E6F51F51274CD30EF576EA1E71D20C657376F
                                                                                                                                                                          SHA-512:EC188B0EE4D3DAABC26799B34EE471BEE988BDD7CEB011ED7DF3D4CF26F98932BBBB4B70DC2B7FD4DF9A3981B3CE22F4B5BE4A0DB97514D526E521575EFB2EC6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):280
                                                                                                                                                                          Entropy (8bit):3.060980776278344
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:FiWWltl/9UgBVP/Sh/JzvLi2RRIxINXj1jtll:o1//BVsJDG2Yq
                                                                                                                                                                          MD5:E52B480F0230D08C00F610FE45C6B1B0
                                                                                                                                                                          SHA1:9D3920941C023DE18FE367B58C02F02635EF9426
                                                                                                                                                                          SHA-256:000C5B73C330D02E177010D59D638BE64378163C800D1D94F6467C5FAF983F4B
                                                                                                                                                                          SHA-512:4CB8326C6D2150EA5D48B9E131FD3DF08DF01AF9FC2A6B46C62ECA1BFBC903E052BFF8DF7D4C5ECEB276C4D1DA28B1E784096AB0B7F1228C1E6F5599D29054DC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7726
                                                                                                                                                                          Entropy (8bit):4.912774976727706
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:sV6aqlKGJ1jb9JEtyNYUCsedY5Th6Cp9/x+6M8muecmAeCrEe4zvrZcF2X6gS5Ak:sV6aNGJZGyNYUCsAYPpj+FVAR4ZYFJf
                                                                                                                                                                          MD5:E72D30AF2EBD5726B354A7642D090454
                                                                                                                                                                          SHA1:3622EA9D5E825C02237554EFA5AE9A7C6A0A1892
                                                                                                                                                                          SHA-256:C3B0DBDACB295939743D01B891C44990ED52C6DEC02CA044B3361E3BDE200AAF
                                                                                                                                                                          SHA-512:22F25FC3EB4C893BE1C4CA88540A01CA7D58A17DACD2B42DC4A6E2437985FD87817BE706E8641966E2424B22FB131BAF28071F2FE5BA1FD2B6981F6954D63453
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13355226853072784","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","5826"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","5826"],"last_update_date":"133407612
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):24853
                                                                                                                                                                          Entropy (8bit):5.565416933295819
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:9sI+vcWPNBfW98F1+UoAYDCx9Tuqh0VfUC9xbog/OV9ckshrwnYcp2tuf:9sI+vcWPNBfW9u1jacPsSYFts
                                                                                                                                                                          MD5:D014F80B3C5B5AE42C4FB39A24C2D897
                                                                                                                                                                          SHA1:67EE872959632D162729FCDA400633ACDBB23314
                                                                                                                                                                          SHA-256:07F0B42BA386359B1C5F31493D87A3941F78052A3D02AC75A2098689C769BFE4
                                                                                                                                                                          SHA-512:750A985948C6E890C9731C08FDDEED0E1CEBCB5CC872CED8DC2AD9FFB4F860181C5763EA2407434376B45CA7AA5C0C631CCE272D398CE2B8D455F5FB4833DA18
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13355226851688577","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13355226851688577","location":5,"ma
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):9222
                                                                                                                                                                          Entropy (8bit):5.186981477496754
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:sV66NGJZGyR3YtJRVtYUCssYPpj+FVA+4ZYFBf:sV66NGJZGytYt/Vf3pUV74ZM
                                                                                                                                                                          MD5:D2D53F8618E442979993E35CD5815B5B
                                                                                                                                                                          SHA1:310D41E02F0E2507B6231766C7C380BC4900EA51
                                                                                                                                                                          SHA-256:039A3C164CA0459D40CBDD6ACF7161C6483C69F746726C2A3621A85EAB363D32
                                                                                                                                                                          SHA-512:A25FEAD91DEB6FE4781DAEB48EEAAD0F2C52969FDF699A3AE82C8E8684AECB537A74C2F70542137403F3762BAB004758F73A86161681285EB8E6B5000E5E8A71
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13355226853072784","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","5826"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:L:L
                                                                                                                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):9332
                                                                                                                                                                          Entropy (8bit):5.18513087722832
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:sV66NGJZGyR3YtJRVtYUCssYPpj+FVA8RtZYFBf:sV66NGJZGytYt/Vf3pUVxRtZM
                                                                                                                                                                          MD5:EA6AE2E4E35D593D102E267755644446
                                                                                                                                                                          SHA1:70E293C5068BC065820D43E797DB5215E554B2A1
                                                                                                                                                                          SHA-256:1AEB76E96BD7A42744459EE0C80A3308AEE9910C1A4F8EFAC4AF2375F00A21D2
                                                                                                                                                                          SHA-512:F782DFC466121FEA6942E0850D95AAE89EF16399F7FBAAEBAE7E531BE2CDB3861227738B7C9DBDC3689C7B841C15E840093DB9F06D73252D6B431CB854B639DC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13355226853072784","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","5826"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:modified
                                                                                                                                                                          Size (bytes):12735
                                                                                                                                                                          Entropy (8bit):5.347599731428465
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:J1OEH/WCxkD7MDPSYAxmemxb7mngJdv9TXJ4MQmLu5/4eeNdl:LOEOKSXs/J7mGnQmLu5/5eNdl
                                                                                                                                                                          MD5:13657F389752F8D0AD4B6EC523F0BC32
                                                                                                                                                                          SHA1:9673C653D635189D87B621FD491C2FB46906DC47
                                                                                                                                                                          SHA-256:4045D4F0DA45D902D14C914AC1DC8C371DC4C86A17CF6CDC4E1916B20D0EACFE
                                                                                                                                                                          SHA-512:0F9768A4A11DDFF8E18BBB845486F5E2339AAA6202720ACCB606F1D469A54B89810DD7D4DD61CC2AAAD3FB698EF0D139E8D6FF1EB56E3F06453E6FC9C333A977
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:...m.................DB_VERSION.1{D.9.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13355226865141831.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=imsWdc2PGC%2BuAreb04yW9xpieA0z5NEov%2BfbkBLqCb8%3D&st=2021-01-01T00%3A00%3A00Z&se=2024-05-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"2DPW9BV28WrPpgGHdKsEvldNQvD7dA0AAxPa3B/lKN0=","size":11989}]..A./..............'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.]{.. "configVersion": 32,.. "PrivilegedExperiences": [.. "ShorelinePrivilegedExperienceID",.. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",.. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",.. "SHOPPING_AUTO_SHOW_BING_SEARCH",.. "SHOPPING_AUTO_SHOW_REBATES",.. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",.. "SHOPPING_AUTO_SHOW_REBAT
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):293
                                                                                                                                                                          Entropy (8bit):5.102207724356129
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:FgSHms1wkn23oH+Tcwt9Eh1ZB2KLlvksl3+q2Pwkn23oH+Tcwt9Eh1tIFUv:6SUfYeb9Eh1ZFLG8+vYfYeb9Eh16FUv
                                                                                                                                                                          MD5:C150DE455FD68895E706B859AEAFB5AA
                                                                                                                                                                          SHA1:9B7827256315FE586641F5378289DFE586CD2BE6
                                                                                                                                                                          SHA-256:653C464AF3AB44F3FF883BE22B977699B3EC8EC00CC4A7436F0DD83FBBC6173D
                                                                                                                                                                          SHA-512:689F4BD9B8EA934C6A3FE91A9ADD50928E87A7922763DBB4312246A10F24558DEF1A2E42882C97C187A21FA832B835E01725E4E63DDB706E145DC3BEE6AFB8C4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:2024/03/18-10:14:23.350 210c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db since it was missing..2024/03/18-10:14:23.798 210c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                          Entropy (8bit):0.3202460253800455
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:l9bNFlEuWk8TRH9MRumWEyE4gLueXdNOmWxFxCxmWxYgCxmW5y/mWz4ynLAtD/W4:TLiuWkMORuHEyESeXdwDQ3SOAtD/ie
                                                                                                                                                                          MD5:40B18EC43DB334E7B3F6295C7626F28D
                                                                                                                                                                          SHA1:0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
                                                                                                                                                                          SHA-256:85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
                                                                                                                                                                          SHA-512:8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:SQLite format 3......@ ..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                          Entropy (8bit):0.01057775872642915
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsFl:/F
                                                                                                                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                          Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                          Entropy (8bit):0.011852361981932763
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsHlDll:/H
                                                                                                                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                          Entropy (8bit):0.012340643231932763
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):262512
                                                                                                                                                                          Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:LsNlK5a:Ls3K
                                                                                                                                                                          MD5:53C24A23BBB1F890BE57A0BA06D9F7E7
                                                                                                                                                                          SHA1:CC36958E38C22692A52C94106001DA628620036E
                                                                                                                                                                          SHA-256:3226652628C2D5E0AED2623CDC924129B0DCC512386D2ED757D94E5FD883BC67
                                                                                                                                                                          SHA-512:0384BE0FB4EE64D7B9BB840E49FF20DC7E8579D926236F406B9F8E26F1F5A6AB3E73DF2229FA95F1C92A87853310B88E033E4C93972A811237E0C10960EA5827
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):33
                                                                                                                                                                          Entropy (8bit):3.5394429593752084
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                          MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                          SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                          SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                          SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:...m.................DB_VERSION.1
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):305
                                                                                                                                                                          Entropy (8bit):5.18336575688245
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:FPuwb1wkn23oH+TcwtnG2tbB2KLlv0qyq2Pwkn23oH+TcwtnG2tMsIFUv:Rp6fYebn9VFLevYfYebn9GFUv
                                                                                                                                                                          MD5:6537B0ADAC6013B75278BE918544285A
                                                                                                                                                                          SHA1:76FB59AA14B4623EF1FA54AF2E7E77548ED39E2B
                                                                                                                                                                          SHA-256:8C683B13CB8C0297B7AA9F36CCA12EBB0CCCEA72D840731A06A2EB123CA1C4F7
                                                                                                                                                                          SHA-512:8686C656FE9C0801A63296AAB6BF01CE513718467541DE1E2C1D4989A1BDEEA342F924A759C15841FEFC417FF3FDF065536DB0A3EF9AABAF3AF7BAA3E316504C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:2024/03/18-10:14:11.708 1dc0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db since it was missing..2024/03/18-10:14:11.795 1dc0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                          Entropy (8bit):0.494709561094235
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:TLEC30OIcqIn2o0FUFlA2cs0US5S693Xlej2:ThLaJUnAg0UB6I
                                                                                                                                                                          MD5:CF7760533536E2AF66EA68BC3561B74D
                                                                                                                                                                          SHA1:E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD
                                                                                                                                                                          SHA-256:E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
                                                                                                                                                                          SHA-512:38B15FE7503F6DFF9D39BC74AA0150A7FF038029F973BE9A37456CDE6807BCBDEAB06E624331C8DFDABE95A5973B0EE26A391DB2587E614A37ADD50046470162
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                          Entropy (8bit):0.5094712832659277
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:TLW4QpRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7me5q4iZ7dV:TLqpR+DDNzWjJ0npnyXKUO8+j25XmL
                                                                                                                                                                          MD5:D4971855DD087E30FC14DF1535B556B9
                                                                                                                                                                          SHA1:9E00DEFC7E54C75163273184837B9D0263AA528C
                                                                                                                                                                          SHA-256:EC7414FF1DB052E8E0E359801F863969866F19228F3D5C64F632D991C923F0D2
                                                                                                                                                                          SHA-512:ACA411D7819B03EF9C9ACA292D91B1258238DF229B4E165A032DB645E66BFE1148FF3DCFDAC3126FCD34DBD0892F420148E280D9716C63AD9FCDD9E7CA58D71D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):209
                                                                                                                                                                          Entropy (8bit):1.8784775129881184
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                                                                                                                          MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                                                                                                                          SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                                                                                                                          SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                                                                                                                          SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):281
                                                                                                                                                                          Entropy (8bit):5.147893587734306
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:F+bHM1wkn23oH+Tcwt8aVdg2KLlvYrq2Pwkn23oH+Tcwt8aPrqIFUv:srfYeb0LqrvYfYebL3FUv
                                                                                                                                                                          MD5:849DF8B2B54186DCC84A1F296E9F0B05
                                                                                                                                                                          SHA1:0BEBEAE15A37CC314938C641270689D1CD7640E1
                                                                                                                                                                          SHA-256:FECEF1F5D4678306FBEABEA8BAB6F70CF790CC0CE823F5475B321771E695CB98
                                                                                                                                                                          SHA-512:A35F74CACE1B3F74ECF9DD16A150163DD3EA8D7D5314FC56395EF0DB441AAA6F03AEA6AB3984B57ACEDC7E5B98D32AD04AC663396701980B4EA7943D6B688EF0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:2024/03/18-10:14:11.727 1dd4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules since it was missing..2024/03/18-10:14:12.177 1dd4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):209
                                                                                                                                                                          Entropy (8bit):1.8784775129881184
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                                                                                                                          MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                                                                                                                          SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                                                                                                                          SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                                                                                                                          SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):285
                                                                                                                                                                          Entropy (8bit):5.134349926106942
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:FWOmHM1wkn23oH+Tcwt86FB2KLlvLMq2Pwkn23oH+Tcwt865IFUv:DorfYeb/FFL+vYfYeb/WFUv
                                                                                                                                                                          MD5:AEB1339985492AD085AB9E83F13874AB
                                                                                                                                                                          SHA1:A324C62905729A44AFF6FDE9460CBB7282BBAB0B
                                                                                                                                                                          SHA-256:697593AE924810CFC838938E95478D9CCE6CEDBEB27A297E0FBB60D002CCD0C9
                                                                                                                                                                          SHA-512:AB5B271E7294BE7E63B0BE9BC5F4ED0C3C26BB29AD13FB80CB063309C49F9CE2AC06EC5A13CB415C91043C7B8D4724A3D2D35AFCF8D8788BAA23E819BAEA85EA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:2024/03/18-10:14:12.179 1dd4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts since it was missing..2024/03/18-10:14:12.210 1dd4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1197
                                                                                                                                                                          Entropy (8bit):1.8784775129881184
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                                                                                                                                                          MD5:A2A3B1383E3AAC2430F44FC7BF3E447E
                                                                                                                                                                          SHA1:B807210A1205126A107A5FE25F070D2879407AA4
                                                                                                                                                                          SHA-256:90685D4E050DA5B6E6F7A42A1EE21264A68F1734FD3BD4A0E044BB53791020A2
                                                                                                                                                                          SHA-512:396FAB9625A2FF396222DBC86A0E2CDE724C83F3130EE099F2872AED2F2F2ECE13B0853D635F589B70BD1B5E586C05A3231D68CAF9E46B6E2DAC105A10D0A1C8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):322
                                                                                                                                                                          Entropy (8bit):5.165020492725504
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:FUS3yq2Pwkn23oH+Tcwt8NIFUt88Rwr1Zmw+8q8RkwOwkn23oH+Tcwt8+eLJ:YvYfYebpFUt8d1/+JM5JfYebqJ
                                                                                                                                                                          MD5:AC935A141D8434F65DBCCE706B501786
                                                                                                                                                                          SHA1:9960A044C93775F58CC0AC8D8D2C8C90E619F344
                                                                                                                                                                          SHA-256:5C2609A9EBBBC057533CD7516667661DA51DDF339505A654E4B5B26919F51E9B
                                                                                                                                                                          SHA-512:0CF3033B9923ED188F6CC8FB6CEE71DF0B960086E4A9A6491D75EC5DF9B40E22A1045659E838FF9D58E7378ECF7B04C566085661C68C8F84B064219CC838D1F4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:2024/03/18-10:14:15.317 1dc0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/03/18-10:14:15.325 1dc0 Recovering log #3.2024/03/18-10:14:15.326 1dc0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4096
                                                                                                                                                                          Entropy (8bit):0.3169096321222068
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:lSWbNFl/sl+ltl4ltllOl83/XWEEabIDWzdWuAzTgdWj3FtFIU:l9bNFlEs1ok8fDEPDadUTgd81Z
                                                                                                                                                                          MD5:2554AD7847B0D04963FDAE908DB81074
                                                                                                                                                                          SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
                                                                                                                                                                          SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
                                                                                                                                                                          SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                          Entropy (8bit):0.40981274649195937
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:TL1WK3iOvwxwwweePKmJIOAdQBVA/kjo/TJZwJ9OV3WOT/5eQQ:Tmm+/9ZW943WOT/
                                                                                                                                                                          MD5:1A7F642FD4F71A656BE75B26B2D9ED79
                                                                                                                                                                          SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
                                                                                                                                                                          SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
                                                                                                                                                                          SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):429
                                                                                                                                                                          Entropy (8bit):5.809210454117189
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                          MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                          SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                          SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                          SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):159744
                                                                                                                                                                          Entropy (8bit):0.5241404324800358
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:56U+bGzPDLjGQLBE3up+U0jBo4tgi3JMe9xJDECVjN:5R+GPXBBE3upb0HtTTDxVj
                                                                                                                                                                          MD5:241322143A01979D346689D9448AC8C0
                                                                                                                                                                          SHA1:DD95F97EE1CCB8FD9026D2156DE9CB8137B816D1
                                                                                                                                                                          SHA-256:65EEBDEC4F48A111AC596212A1D71C3A5CFA996797500E5344EEABDFA02527C8
                                                                                                                                                                          SHA-512:9C7241462A9DADEF25D8EEB1C14BABFBA65C451EBAFBC068B9856E4EF0EB6F894A44686CBB0D1F46C7F546335D0C53A3E386E6C1A017082DE127F8F9C0A54BD2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8720
                                                                                                                                                                          Entropy (8bit):0.3275668640251306
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:UjYHA/J3+t76Y4QZZofU99pO0BYSbqR4EZY4QZvGK:UjLhHQws9Ld2BQZGK
                                                                                                                                                                          MD5:50BA481B2F92322273C426867A622C32
                                                                                                                                                                          SHA1:647824E71D2EF9EAF557A7993E7817AEFB67D674
                                                                                                                                                                          SHA-256:349CCFB033383460F40E38F887842F843C54468F400C4D218BE92964047604C4
                                                                                                                                                                          SHA-512:6B659E9A815C1E2F9453F3BE84D5C64F9F0DAF662A70620305B9201935BB14D6196DC971CEA2340CB3E44D217507537488615E147661C7E3CF6F0660C01D9900
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):28672
                                                                                                                                                                          Entropy (8bit):0.33890226319329847
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:TLMfly7aoxrRGcAkSQdC6ae1//fxEjkE/RFL2iFV1eHFxOUwa5qgufTsZ75fOSI:TLYcjr0+Pdajk+FZH1W6UwccI5fBI
                                                                                                                                                                          MD5:971F4C153D386AC7ED39363C31E854FC
                                                                                                                                                                          SHA1:339841CA0088C9EABDE4AACC8567D2289CCB9544
                                                                                                                                                                          SHA-256:B6468DA6EC0EAE580B251692CFE24620D39412954421BBFDECB13EF21BE7BC88
                                                                                                                                                                          SHA-512:1A4DD0C2BE163AAB3B81D63DEB4A7DB6421612A6CF1A5685951F86B7D5A40B67FC6585B7E52AA0CC20FF47349F15DFF0C9038086E3A7C78AE0FFBEE6D8AA7F7E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):406
                                                                                                                                                                          Entropy (8bit):5.289252197154994
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:U+vYfYeb8rcHEZrELFUt8Dg/+DQV5JfYeb8rcHEZrEZSJ:VYfYeb8nZrExg8YJfYeb8nZrEZe
                                                                                                                                                                          MD5:3240954E9577727EE834B280779FA834
                                                                                                                                                                          SHA1:AE744CFB0150C644E2B3EB40AE021F83EC11EC5A
                                                                                                                                                                          SHA-256:DF4D7FF8EC7F2D6357C0DBA8E0D6B04BFF503867E80EAF4A320DD9B628EEA0A0
                                                                                                                                                                          SHA-512:619CAAAB00377280D6FCDB830B4340BA5DBE4556162DD88E42BC31F3504692EEBB3263D4D575E1CD37B54EE90F198C9A52C47B829D4AB9005AB8C1E52574C5F3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:2024/03/18-10:14:16.576 1d7c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/03/18-10:14:16.577 1d7c Recovering log #3.2024/03/18-10:14:16.577 1d7c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):334
                                                                                                                                                                          Entropy (8bit):5.131530028881706
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:FJyq2Pwkn23oH+Tcwt8a2jMGIFUt88W91Zmw+8YFlRkwOwkn23oH+Tcwt8a2jMmd:+vYfYeb8EFUt871/+j5JfYeb8bJ
                                                                                                                                                                          MD5:3DBCF02F45F42461AE0A8E9F71E6F307
                                                                                                                                                                          SHA1:F5A1F9BC3E293083724581330F98BECF5A69B2AA
                                                                                                                                                                          SHA-256:817C63509CCD4CF6554BB41E7B56B7365C38A7394500BF7BC7D72CDCF0BA8B72
                                                                                                                                                                          SHA-512:E39AFF59F75485C37903968BACE6896C980E85509D0B6CAB454D2D10FCC207427BD6A35F9BE4AE287DFC22893640866E8678161AFD2A2CC6B459639E590D98CF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:2024/03/18-10:14:12.898 1e94 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/03/18-10:14:12.901 1e94 Recovering log #3.2024/03/18-10:14:12.909 1e94 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):334
                                                                                                                                                                          Entropy (8bit):5.131530028881706
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:FJyq2Pwkn23oH+Tcwt8a2jMGIFUt88W91Zmw+8YFlRkwOwkn23oH+Tcwt8a2jMmd:+vYfYeb8EFUt871/+j5JfYeb8bJ
                                                                                                                                                                          MD5:3DBCF02F45F42461AE0A8E9F71E6F307
                                                                                                                                                                          SHA1:F5A1F9BC3E293083724581330F98BECF5A69B2AA
                                                                                                                                                                          SHA-256:817C63509CCD4CF6554BB41E7B56B7365C38A7394500BF7BC7D72CDCF0BA8B72
                                                                                                                                                                          SHA-512:E39AFF59F75485C37903968BACE6896C980E85509D0B6CAB454D2D10FCC207427BD6A35F9BE4AE287DFC22893640866E8678161AFD2A2CC6B459639E590D98CF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:2024/03/18-10:14:12.898 1e94 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/03/18-10:14:12.901 1e94 Recovering log #3.2024/03/18-10:14:12.909 1e94 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):57344
                                                                                                                                                                          Entropy (8bit):0.863060653641558
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:u7/KLPeymOT7ynlm+yKwt7izhGnvgbn8MouB6wznP:u74CnlmVizhGE7IwD
                                                                                                                                                                          MD5:C681C90B3AAD7F7E4AF8664DE16971DF
                                                                                                                                                                          SHA1:9F72588CEA6569261291B19E06043A1EFC3653BC
                                                                                                                                                                          SHA-256:ADB987BF641B2531991B8DE5B10244C3FE1ACFA7AD7A61A65D2E2D8E7AB34C1D
                                                                                                                                                                          SHA-512:4696BF334961E4C9757BAC40C41B4FBE3E0B9F821BD242CE6967B347053787BE54D1270D7166745126AFA42E8193AC2E695B0D8F11DE8F0B2876628B7C128942
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):45056
                                                                                                                                                                          Entropy (8bit):0.40293591932113104
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
                                                                                                                                                                          MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
                                                                                                                                                                          SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
                                                                                                                                                                          SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
                                                                                                                                                                          SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):188
                                                                                                                                                                          Entropy (8bit):5.423404609678128
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:YWRAWNjBSVVLTRn0xmuRA9E+L3x8HQXwlm9yJUA6XcIR6RX77XMqGwmvXjz2SQ:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sO
                                                                                                                                                                          MD5:6833E2FEEACF2930174137246FC7E09F
                                                                                                                                                                          SHA1:7707DD22D2CFD3C3B79D727C93AE1D3DFD90B307
                                                                                                                                                                          SHA-256:839EB286A9A424BFB655D9DA050BE4CAE90B3DE4894CFE1F352919B551F17C0C
                                                                                                                                                                          SHA-512:B987F42C327EA83EE824E0E9BBC2AE5727CBB3B8DF29659C7E11798E24D5F8A94A05644200B6B57754876050E805EEAB90A0DAC437296BFED54C49535AF133C0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[]
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                          Entropy (8bit):0.6732424250451717
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                          MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                          SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                          SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                          SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):61
                                                                                                                                                                          Entropy (8bit):3.926136109079379
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                          MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                          SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                          SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                          SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):61
                                                                                                                                                                          Entropy (8bit):3.926136109079379
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                          MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                          SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                          SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                          SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):61
                                                                                                                                                                          Entropy (8bit):3.926136109079379
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                          MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                          SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                          SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                          SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):36864
                                                                                                                                                                          Entropy (8bit):0.555790634850688
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
                                                                                                                                                                          MD5:0247E46DE79B6CD1BF08CAF7782F7793
                                                                                                                                                                          SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
                                                                                                                                                                          SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
                                                                                                                                                                          SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[]
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[]
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[]
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[]
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                          Entropy (8bit):4.1275671571169275
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):203
                                                                                                                                                                          Entropy (8bit):5.4042796420747425
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                                                                                                                          MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                                                                                                                          SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                                                                                                                          SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                                                                                                                          SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):203
                                                                                                                                                                          Entropy (8bit):5.4042796420747425
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                                                                                                                          MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                                                                                                                          SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                                                                                                                          SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                                                                                                                          SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):36864
                                                                                                                                                                          Entropy (8bit):0.36515621748816035
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                                                                                                          MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                                                                                                          SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                                                                                                          SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                                                                                                          SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:SQLite format 3
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[]
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                          Entropy (8bit):4.1275671571169275
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):111
                                                                                                                                                                          Entropy (8bit):4.718418993774295
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                                                                                                          MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                                                                                                          SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                                                                                                          SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                                                                                                          SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[]
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):881
                                                                                                                                                                          Entropy (8bit):5.30573806181601
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13357818857196802","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13357818861321194","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13357818883085451","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com"}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                          Entropy (8bit):0.46731661083066856
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7726
                                                                                                                                                                          Entropy (8bit):4.912774976727706
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13355226853072784","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","5826"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","5826"],"last_update_date":"133407612
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):33
                                                                                                                                                                          Entropy (8bit):4.051821770808046
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"preferred_apps":[],"version":1}
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):24853
                                                                                                                                                                          Entropy (8bit):5.565416933295819
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13355226851688577","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13355226851688577","location":5,"ma
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):232
                                                                                                                                                                          Entropy (8bit):2.7061121767675385
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:S8ltHlS+QUl1ASEGhTFljljljljljljljljljl:S85aEFljljljljljljljljljl
                                                                                                                                                                          MD5:8A30A1FDD0459D9EA8B1E78A8E636856
                                                                                                                                                                          SHA1:9D7225E97F9CFCFB225CFBFD0B0BBA21D4EFDD20
                                                                                                                                                                          SHA-256:88FE1D31608930F2738D102D45C75DC77ACDF01A1B69BFB7E7C0281575B75E33
                                                                                                                                                                          SHA-512:B529BCE870CD8165BF82F3EBF94F07552467BD0993B9D35145182E54E26FB2AE8E7BB167D88267B632757E2146F27DFDDF8867DB0C66E5DCC306DB12EC6B7BEF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f...............
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):322
                                                                                                                                                                          Entropy (8bit):5.142501116634406
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:Fau9lyq2Pwkn23oH+TcwtrQMxIFUt88y91Zmw+89PjRkwOwkn23oH+TcwtrQMFLJ:0oIvYfYebCFUt8j1/+w5JfYebtJ
                                                                                                                                                                          MD5:BDF15CEC40293DC7737A7FE6D732E2E8
                                                                                                                                                                          SHA1:B61188D9E22034E6ABD2547D9EA41BAC4F95E14B
                                                                                                                                                                          SHA-256:9748586CBC16B0DBBB09D592C76B73C12E878F448E1131E3B4F1D9208B0A2D0B
                                                                                                                                                                          SHA-512:2B3C5E26F036FE40E5103ECBD1B671A162E9D502CEC0DFFE30EE3D948D79D23BBD6BB7008373E714974E906E07E347C6978064C0BB09430563575A89C5FBDE2E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:2024/03/18-10:14:31.484 1e94 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/03/18-10:14:31.548 1e94 Recovering log #3.2024/03/18-10:14:31.565 1e94 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):350
                                                                                                                                                                          Entropy (8bit):5.127879488273073
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:Fc29yq2Pwkn23oH+Tcwt7Uh2ghZIFUt88cK81Zmw+8cKqRkwOwkn23oH+Tcwt7UT:m2AvYfYebIhHh2FUt8NK81/+NKO5JfYz
                                                                                                                                                                          MD5:700295337C2F6477FB9F65BF1B58DDA7
                                                                                                                                                                          SHA1:AFEAED202AA633CE2FB0A05041827EF2B5C92723
                                                                                                                                                                          SHA-256:96475FB951D7CDE1787DB02ED4E270909777DE780793065713F675093893E88D
                                                                                                                                                                          SHA-512:B66D89400A5C0E7839132B1D8A36AB7DD9025B83EDA28D27C0C34B8B8455122AEEB866B22AF0C9DABFBA476DB8BB75298ECF9E524DF1723BAB7FE7BB6222B736
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:2024/03/18-10:14:11.665 1dc0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/03/18-10:14:11.666 1dc0 Recovering log #3.2024/03/18-10:14:11.666 1dc0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                          Entropy (8bit):0.01057775872642915
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsFl:/F
                                                                                                                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                          Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                          Entropy (8bit):0.011852361981932763
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsHlDll:/H
                                                                                                                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                          Entropy (8bit):0.012340643231932763
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):524656
                                                                                                                                                                          Entropy (8bit):5.027445846313988E-4
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:LsulpX:Ls
                                                                                                                                                                          MD5:8515221C5B9BF92F4DDA72E8531C4B8A
                                                                                                                                                                          SHA1:DD5E9A8CD7F788C9E437A8C776CE8675D45B21BD
                                                                                                                                                                          SHA-256:752D1D03F16AF26F284932221D019A8229E7A5A6A6C85427456DDC3A047C3D1D
                                                                                                                                                                          SHA-512:23526BC3C5C3C2B704075DAF078E2C9904EF3958636296C58C612F422267164208081E756DF9D622B741AFE77A766B68A91AF73339A5A23D78BC0517887BE501
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                          Entropy (8bit):0.01057775872642915
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsFl:/F
                                                                                                                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                          Entropy (8bit):0.0012471779557650352
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                          MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                          Entropy (8bit):0.011852361981932763
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsHlDll:/H
                                                                                                                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                          Entropy (8bit):0.012340643231932763
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):262512
                                                                                                                                                                          Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:LsNlbq:Ls3
                                                                                                                                                                          MD5:AC767BB7FF915781B1A049E9DDB5EDD5
                                                                                                                                                                          SHA1:356628E6413D6A2760EB90D27D7DB1C786C43C1F
                                                                                                                                                                          SHA-256:766BBB85BB713A81D634AA2C2AEED68159898A0223DD54E7346E28DDE34290F3
                                                                                                                                                                          SHA-512:9BA8AE6905858A78BA82053279805F060DED6EE04BC7C1A90C0C4378A9F1465A22E13F910EB4DE081871CB0AA3E513D5E131F3C9B9735C3DBD717C8868164635
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                          Entropy (8bit):0.0012471779557650352
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                          MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):432
                                                                                                                                                                          Entropy (8bit):5.245359519358544
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:eHvYfYebvqBQFUt8/TY11/+/9z5JfYebvqBvJ:ePYfYebvZg8/TY14PJfYebvk
                                                                                                                                                                          MD5:70E8F33FEE93496CAC01A3190DB0C0BB
                                                                                                                                                                          SHA1:FD102DF2BF73BDE3A6D3EC2405B5D7A1576421DE
                                                                                                                                                                          SHA-256:CF128A578AD17A8E45ED1E9BAA6009B8B506EB5E1DEEECBDA5CC8F63027F8792
                                                                                                                                                                          SHA-512:1BAF57E8D91A206A530A6ECCFE97E09D842F4556387E97C2E374F13BD2CD0B8BFBAD3D2FA8403914D83E64D68E307F4C06EEAE1B323957D040902824A8AD880A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:2024/03/18-10:14:15.420 1e94 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/03/18-10:14:15.431 1e94 Recovering log #3.2024/03/18-10:14:15.456 1e94 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[]
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):193
                                                                                                                                                                          Entropy (8bit):4.864047146590611
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                                                                                                                          MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                                                                                                                          SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                                                                                                                          SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                                                                                                                          SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):36864
                                                                                                                                                                          Entropy (8bit):0.555790634850688
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
                                                                                                                                                                          MD5:0247E46DE79B6CD1BF08CAF7782F7793
                                                                                                                                                                          SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
                                                                                                                                                                          SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
                                                                                                                                                                          SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                          Entropy (8bit):4.1275671571169275
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):36864
                                                                                                                                                                          Entropy (8bit):0.36515621748816035
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                                                                                                          MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                                                                                                          SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                                                                                                          SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                                                                                                          SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):111
                                                                                                                                                                          Entropy (8bit):4.718418993774295
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                                                                                                          MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                                                                                                          SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                                                                                                          SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                                                                                                          SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[]
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):80
                                                                                                                                                                          Entropy (8bit):3.4921535629071894
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                          MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                          SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                          SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                          SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):420
                                                                                                                                                                          Entropy (8bit):5.2181339899845876
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:F1Eq2Pwkn23oH+TcwtzjqEKj0QMxIFUt88TXZmw+8lkwOwkn23oH+TcwtzjqEKjq:bEvYfYebvqBZFUt8W/+G5JfYebvqBaJ
                                                                                                                                                                          MD5:9C1F94F1B51154B1589693756B2A9736
                                                                                                                                                                          SHA1:067A38DAA90491D4B8BE8A84FC3A873FB7129404
                                                                                                                                                                          SHA-256:9749DEDD8CC9638D5F5CF55949F353B5247F13B35EA8510A1455AF2E6BB73C8D
                                                                                                                                                                          SHA-512:3748F615EA78A831CC99C15B4E1C8A0F00A13D01D7D6EB1CF3EC73EE4E5318515B5D4C6B4193451F04DEABED94C0343EBF5B7DCEF34BE0253B40B3A11FDC0A03
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:2024/03/18-10:14:31.583 1ec0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/03/18-10:14:31.587 1ec0 Recovering log #3.2024/03/18-10:14:31.600 1ec0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):326
                                                                                                                                                                          Entropy (8bit):5.1749091450007
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:FSMj+q2Pwkn23oH+TcwtpIFUt88S+GXWZmw+8S+GiVkwOwkn23oH+Tcwta/WLJ:J+vYfYebmFUt8yCW/+yBV5JfYebaUJ
                                                                                                                                                                          MD5:9B4BBA6092F48B363793051E573607D6
                                                                                                                                                                          SHA1:258E212DD20BAF88145A28E4367F6170C1AE6725
                                                                                                                                                                          SHA-256:F0289F77A47D589669EF1280E36B7DE032CA874EA163CD5737E33C5FBFEC244F
                                                                                                                                                                          SHA-512:D1B28AC3113B106EED2123A0B929D33274FDBDF6CB9663DED51E09B17106C446484AFBAC7B13D523E7E5524C78E62A1C90DB54F20EB58BF8A4EDA886EBC1F5C9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:2024/03/18-10:14:11.680 1dcc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/03/18-10:14:11.682 1dcc Recovering log #3.2024/03/18-10:14:11.682 1dcc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):28672
                                                                                                                                                                          Entropy (8bit):0.26707851465859517
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:TLPp5yN8h6MvDOH+FxOUwa5qVZ7Nkl25Pe2d:TLh8Gxk+6Uwc8NlYC
                                                                                                                                                                          MD5:04F8B790DF73BD7CD01238F4681C3F44
                                                                                                                                                                          SHA1:DF12D0A21935FC01B36A24BF72AB9640FEBB2077
                                                                                                                                                                          SHA-256:96BD789329E46DD9D83002DC40676922A48A3601BF4B5D7376748B34ECE247A0
                                                                                                                                                                          SHA-512:0DD492C371D310121F7FD57D29F8CE92AA2536A74923AC27F9C4C0C1580C849D7779348FC80410DEBB5EEE14F357EBDF33BF670D1E7B6CCDF15D69AC127AB7C3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 4, database pages 87, cookie 0x66, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):180224
                                                                                                                                                                          Entropy (8bit):0.9237410161604507
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:vyMUfTfnGCTjHbRJkkqtXaWTK+hGgH+6e7E:vyffrnzkkqtXnTK+hNH+5
                                                                                                                                                                          MD5:C97C2FBAAEA45BB3C728D02689216CB2
                                                                                                                                                                          SHA1:CA75AE4F32B49EA8EE1C3FDC4A6A6729460AE9F2
                                                                                                                                                                          SHA-256:DB3E522850328F9150FF442E3680DF9F8A332B504ECECE26F4983D79C0D1482B
                                                                                                                                                                          SHA-512:5CDF0D3D8069092E9656482D2F4BEAAAF0E58CA20B6066FE0EAB0C84EB60DBCF292EC5A6988F93A8077087FD80E887371EF67A443CCDC99CCFDBE42E708D938E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2568
                                                                                                                                                                          Entropy (8bit):0.06569804787746028
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:LlOFl1lhtlxn:LS3Bn
                                                                                                                                                                          MD5:A5F8ED66D58664BA1DB656455F23D854
                                                                                                                                                                          SHA1:474167ACEB553AF3FD71C16CE7DB9EB75C4FE5D7
                                                                                                                                                                          SHA-256:A9AFF883F043E5CFADDF6DBDAEF1FEE96549980712BC2F8DCB5FD009DF4BDE03
                                                                                                                                                                          SHA-512:B057A0C1E557FD5908839CDB8B261117FD2407E15D3E4959B9D85543E16EF1F113D3C0BDB493E4CC49B513B4D0097D824F0183AC396F1FFA1072120687D3EE27
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):11755
                                                                                                                                                                          Entropy (8bit):5.190465908239046
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                          MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                          SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                          SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                          SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:L:L
                                                                                                                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):25013
                                                                                                                                                                          Entropy (8bit):5.567457659291612
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:9sI+WcWPNBfB98F1+UoAYDCx9Tuqh0VfUC9xbog/OV9ckshrwiYcp2tuf:9sI+WcWPNBfB9u1jacPsSLFts
                                                                                                                                                                          MD5:B51692ADB8941634B80C8A55874FEEED
                                                                                                                                                                          SHA1:FFDA8E7EAB5964FD6C4B09E1F86248AE86DC1077
                                                                                                                                                                          SHA-256:1520DBC8EA167AFC3557D14D27EDDEF8E3C513CDA590CBD833BCAA0394426817
                                                                                                                                                                          SHA-512:FB54DF62DE9461EA0E98806295AF1B8381DE185B943A0356338BC0CF4E727CB077F05E06FCD2932257B561B48BCEEF0A6785DC0676F6A69DDC273FBE464BA85B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13355226851688577","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13355226851688577","location":5,"ma
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7935
                                                                                                                                                                          Entropy (8bit):4.923634471056386
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:sV66qlKGJ1jb9JEtyNYUCsedY5Th6Cp9/x+6M8muecmAeCrEe4zvrZcF2X6gE5Ak:sV66NGJZGyNYUCsAYPpj+FVAR4ZYFBf
                                                                                                                                                                          MD5:07228ED359E2B0F18DD23A3D7E05A579
                                                                                                                                                                          SHA1:17D27EA4B05AE32E20771BE28EAD47A8546E4F8E
                                                                                                                                                                          SHA-256:14086BED736D73466128ECBA2BFC2F53C661A9E13EC5C0102707BD90B6F07D93
                                                                                                                                                                          SHA-512:C6DEE3F62624D368C1C21518501309DC40454A1C2EB46C715CCF8210B7D6E5683B2C9244C6688C2F36BEB0C22EE7AC51759C0B0743A979576614E2B98225392E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13355226853072784","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","5826"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):30096
                                                                                                                                                                          Entropy (8bit):5.566983228112591
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:9sI+MvLoL6RcWPNBfB98F1+UoAYDCx9Tuqh0VfUC9xbog/OV01ackshrwf5ecp22:9sI+MTW6RcWPNBfB9u1jap1aPsS0FtY
                                                                                                                                                                          MD5:0B018EBC92DE7D742510AE607713A14E
                                                                                                                                                                          SHA1:47DABB6D42B84BBAF3FDBC160077215A6258EFA6
                                                                                                                                                                          SHA-256:B3319DDD1438440649BFBA01411801092C15E000D59189D365F61FF919D6C87D
                                                                                                                                                                          SHA-512:0CADE14EC9850E2508285B92B1DAE1F629A9EA4EDA83F4C31D75C9AEC03A379721989C8BCF12DF76B844540DA62802D5D2603042B05CBD8AE2264A15DC688FF4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13355226851688577","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13355226851688577","location":5,"ma
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                          Entropy (8bit):0.35226517389931394
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
                                                                                                                                                                          MD5:D2CCDC36225684AAE8FA563AFEDB14E7
                                                                                                                                                                          SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
                                                                                                                                                                          SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
                                                                                                                                                                          SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                          Entropy (8bit):0.017262956703125623
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1471
                                                                                                                                                                          Entropy (8bit):5.507705202108334
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:ptd8DSBSov/o/fPHI5HRHEIIqt2YKIt2YKhjKcsD3QNkQj2MYKIMYKhWy3AlkfAo:ptd8DSBSKQnPCHRHExqIYjIY0zi3qkl2
                                                                                                                                                                          MD5:8F346315F3288E1DBB66C236D242C5BE
                                                                                                                                                                          SHA1:B2F4781AA366D5F83FA09A8E84D2AA9DA88FD429
                                                                                                                                                                          SHA-256:919CD44CD9DFBFEF67456DD7B1DFA0AAA680C0B6AE74F6A6480FC935E62DF524
                                                                                                                                                                          SHA-512:DA6DD5275EA13B52A6D363E5D5B48C2F1FBC794637AD4702051D7B4F5D01AEEB921A4D5DFF749B48113CC8848D5700F98E9530F2F10194F8DE3B20353B95C6D3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:A..r.................20_1_1...1.,U.................20_1_1...1....0................39_config..........6.....n ....1u}.=................~v..................4_IPH_CompanionSidePanel...IPH_CompanionSidePanel....$4_IPH_CompanionSidePanelRegionSearch(."IPH_CompanionSidePanelRegionSearch.....4_IPH_DownloadToolbarButton...IPH_DownloadToolbarButton....&4_IPH_FocusHelpBubbleScreenReaderPromo*.$IPH_FocusHelpBubbleScreenReaderPromo.....4_IPH_GMCCastStartStop...IPH_GMCCastStartStop.....4_IPH_HighEfficiencyMode...IPH_HighEfficiencyMode.....4_IPH_LiveCaption...IPH_LiveCaption.....4_IPH_PasswordsAccountStorage!..IPH_PasswordsAccountStorage...."4_IPH_PasswordsWebAppProfileSwitch&. IPH_PasswordsWebAppProfileSwitch....-4_IPH_PriceInsightsPageActionIconLabelFeature1.+IPH_PriceInsightsPageActionIconLabelFeature.....4_IPH_PriceTrackingChipFeature"..IPH_PriceTrackingChipFeature....&4_IPH_PriceTrackingEmailConsentFeature*.$IPH_PriceTrackingEmailConsentFeature....-4_IPH_PriceTrackingPageActionIc
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):281
                                                                                                                                                                          Entropy (8bit):5.208573317041498
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:FjS3B1wkn23oH+Tcwtfrl2KLlv60M+q2Pwkn23oH+TcwtfrK+IFUv:ffYeb1LvM+vYfYeb23FUv
                                                                                                                                                                          MD5:EC12B524CB9507A1759A939B661ABE96
                                                                                                                                                                          SHA1:C6B174D663AA91A99F5894912DAC3A615629A65C
                                                                                                                                                                          SHA-256:AFF4118EBB3D29E41C03C7831EF980DD2D216EAF638388C811172A1BA72C8AF2
                                                                                                                                                                          SHA-512:DB26A8529A182D3989D62CFC19B69438EEF4FF15561D5BB03FD9DF5B8E71B90E36087AA5FA40D94F31E1055A7F954FD028FEB92E06927FF115D698D9B8D20622
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:2024/03/18-10:14:13.167 1d8c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db since it was missing..2024/03/18-10:14:13.440 1d8c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):729
                                                                                                                                                                          Entropy (8bit):3.926952040545251
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:G0nYUtTNop//z3p/Uz0RJeNZfPsdbrRF6Nqa:G0nYUtypD3RUSAZfc+
                                                                                                                                                                          MD5:1147E1DA49BE0900A31C4E20B2269A6B
                                                                                                                                                                          SHA1:9D8F52F98B6944BFE3ADDD5188152A606334BBA5
                                                                                                                                                                          SHA-256:6594EA251FBBC3CBA882C31311F714D754306945E8550F68C71D90130D32DD39
                                                                                                                                                                          SHA-512:947C6FE6696DF372DEBB057C39FBB09061D844CC1CF64E43B2A8AC3EAB40DBC48EC292C3FF135E85D096BBF98EE31580C1C184EA1123600F5A42C4F36535B5F9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_.........................3_..........................4_.....4.9..................20_......R...................20_.......1..................19_......(...................18_.....I.Ha.................37_......m.}.................38_..........................39_......M...................3_......-D..................4_.....P"...................9_.........................9_.....
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):299
                                                                                                                                                                          Entropy (8bit):5.174802815407527
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:FDFYwB1wkn23oH+Tcwtfrzs52KLlv3SMM+q2Pwkn23oH+TcwtfrzAdIFUv:c7fYebs9LtpM+vYfYeb9FUv
                                                                                                                                                                          MD5:71C79AFC526A9293A752729165403A85
                                                                                                                                                                          SHA1:B0EFA38B50EA4AD84645501C5D43DBC0F6336B5C
                                                                                                                                                                          SHA-256:14153EAE0ECB71F73291F7F574B4B81F80D4BE12907D7C807E3919EA4E9A22C6
                                                                                                                                                                          SHA-512:1D41F11F965F0A6C7031F6F617BF8025EDD2EE70ED36722C2CF4508E171286CD55343AE864397F398CB45312ADC0F27CB3164EDC06659316895009088811A084
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:2024/03/18-10:14:13.135 1d8c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata since it was missing..2024/03/18-10:14:13.156 1d8c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                          Entropy (8bit):0.01057775872642915
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsFl:/F
                                                                                                                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                          Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                          Entropy (8bit):0.011852361981932763
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsHlDll:/H
                                                                                                                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                          Entropy (8bit):0.012340643231932763
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):262512
                                                                                                                                                                          Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:LsNlqa:Ls3q
                                                                                                                                                                          MD5:DAF217C5F86191FDC166DA5F77AC439B
                                                                                                                                                                          SHA1:450A5455EA493DC749C5846F31048BFAC33EA224
                                                                                                                                                                          SHA-256:3E1E96AB8E7B72302117385CCC6F2CC2B69582E21E5D357CA415B9904179746C
                                                                                                                                                                          SHA-512:ADEF5A19DCD19B385DD8C43341DA1FC2314B1565078C2A03813860CBD5EF1F95ADBB0E807D87BA944BC318D291E1E3A88982AD8C3B52C2400FE681FDD774D0F0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.........................................c...r/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                          Entropy (8bit):0.01057775872642915
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsFl:/F
                                                                                                                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                          Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                          Entropy (8bit):0.011852361981932763
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsHlDll:/H
                                                                                                                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                          Entropy (8bit):0.012340643231932763
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):262512
                                                                                                                                                                          Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:LsNl6:Ls36
                                                                                                                                                                          MD5:00F7929B8342416B121C0AA5F658C449
                                                                                                                                                                          SHA1:FE316C9345561832B94274344EBB4E83AE75FEF4
                                                                                                                                                                          SHA-256:E1980A8641915856A5ACE07FF8C9643B2A6CD3241A03415446DC84FCCE2D0B16
                                                                                                                                                                          SHA-512:3CCAD427CEECCF4386DB3C63E50E865A22083C714F5F241CA22DFD3D8956ED613D5BB8D03466E7499EEAD8A3B72926E2FF73F41CA1D6463807DB97F109C75729
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):120
                                                                                                                                                                          Entropy (8bit):3.32524464792714
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                          MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                          SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                          SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                          SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):13
                                                                                                                                                                          Entropy (8bit):2.7192945256669794
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                          MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                          SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                          SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                          SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:117.0.2045.47
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6820
                                                                                                                                                                          Entropy (8bit):5.79170528301252
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:iaqkHf3Mq5ih/cI9URLl8RotoC6MFVvlwhrRe4IbONIeTC6XQS0qGqk+Z4uj+rj1:ak0DeiRUh2hrT6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                                          MD5:53319F01A3BE2535FD21DD4650DD1834
                                                                                                                                                                          SHA1:7F29062CB4E4837D844AF71A3EDC566C27B07C48
                                                                                                                                                                          SHA-256:3BB95EF28A35ED902A16C3DF9CD85620660325AD703BC076D588F072FE7F7187
                                                                                                                                                                          SHA-512:706F0CC02D5691D84243DF506AA9597342A19FF00322ED82159F427A4A34C31300F958AADE446B70C231A19E79C5B7127BFA4402D1863BB761A492971823444A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABCHUdHIrLWQIEdJ23hTLB4EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACdtb71P9CgiQAVIt2nVwp6x1ErOkLqomFmCWX0BOo+mAAAAAA
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                          Entropy (8bit):0.46731661083066856
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3is25q0S9K0xHZ75fOV:TLiOUOq0afDdWec9sJf5Q7J5fc
                                                                                                                                                                          MD5:E93ACF0820CA08E5A5D2D159729F70E3
                                                                                                                                                                          SHA1:2C1A4D4924B9AEC1A796F108607404B000877C5D
                                                                                                                                                                          SHA-256:F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
                                                                                                                                                                          SHA-512:3BF36C20E04DCF1C16DC794E272F82F68B0DE43F16B4A9746B63B6D6BBC953B00BD7111CDA7AFE85CEBB2C447145483A382B15E2B0A5B36026C3441635D4E50C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                          Entropy (8bit):0.01057775872642915
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsFl:/F
                                                                                                                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                          Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                          Entropy (8bit):0.011852361981932763
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsHlDll:/H
                                                                                                                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                          Entropy (8bit):0.012340643231932763
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):262512
                                                                                                                                                                          Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:LsNlFF1Xa:Ls3
                                                                                                                                                                          MD5:9ACB057B3F03FD848AB515058FD7A7CB
                                                                                                                                                                          SHA1:3657FDA880BDA6A9482C7F5D8105B50A5162C486
                                                                                                                                                                          SHA-256:1C09179FEDDF5C0D5A0F94D1D0A8D550BEDA646A1788FB4E78505134F4D05FBB
                                                                                                                                                                          SHA-512:80157CEF25276EE913630A4344F3D3210C98A0D04FDB0EE5415D19CD4A1839CEA0F025E2580E5ED540D3D77EB78A7F968EF66F3D21897923862C1EC56F9D3C87
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):29
                                                                                                                                                                          Entropy (8bit):3.922828737239167
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:2NGw+K+:fwZ+
                                                                                                                                                                          MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                                                                                                                                          SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                                                                                                                                          SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                                                                                                                                          SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:customSynchronousLookupUris_0
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):35302
                                                                                                                                                                          Entropy (8bit):7.99333285466604
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                                          MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                                          SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                                          SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                                          SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):18
                                                                                                                                                                          Entropy (8bit):3.5724312513221195
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:kDnaV6bVon:kDYa2
                                                                                                                                                                          MD5:5692162977B015E31D5F35F50EFAB9CF
                                                                                                                                                                          SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
                                                                                                                                                                          SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
                                                                                                                                                                          SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:edgeSettings_2.0-0
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3581
                                                                                                                                                                          Entropy (8bit):4.459693941095613
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                                                                                                                                                          MD5:BDE38FAE28EC415384B8CFE052306D6C
                                                                                                                                                                          SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                                                                                                                                                          SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                                                                                                                                                          SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):47
                                                                                                                                                                          Entropy (8bit):4.493433469104717
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:kfKbQSQSuLA5:kyUc5
                                                                                                                                                                          MD5:3F90757B200B52DCF5FDAC696EFD3D60
                                                                                                                                                                          SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
                                                                                                                                                                          SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
                                                                                                                                                                          SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:synchronousLookupUris_636976985063396749.rel.v2
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):35302
                                                                                                                                                                          Entropy (8bit):7.99333285466604
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                                          MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                                          SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                                          SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                                          SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):86
                                                                                                                                                                          Entropy (8bit):4.389669793590032
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQOn:YQ3Kq9X0dMgAEiLIMn
                                                                                                                                                                          MD5:03B6D5E81A4DC4D4E6C27BE1E932B9D9
                                                                                                                                                                          SHA1:3C5EF0615314BDB136AB57C90359F1839BDD5C93
                                                                                                                                                                          SHA-256:73B017F7C5ECD629AD41D14147D53F7D3D070C5967E1E571811A6DB39F06EACC
                                                                                                                                                                          SHA-512:0037EB23CCDBDDE93CFEB7B9A223D59D0872D4EC7F5E3CA4F7767A7301E96E1AF1175980DC4F08531D5571AFB94DF789567588DEB2D6D611C57EE4CC05376547
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":15}
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):28956
                                                                                                                                                                          Entropy (8bit):6.066334028688685
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:eF5kruq4eVbAXbUlW9pzmVieMQWonubZpG2J:eFmi3bXYApz0jwBZpBJ
                                                                                                                                                                          MD5:3E005668767A38A6155B94BAE8503E70
                                                                                                                                                                          SHA1:3A65CF892FB84BB3BBC932B1706E2C01C7F913B8
                                                                                                                                                                          SHA-256:8DB402B49DDF75A25C5C57CDBADED14CB214171963011BE270EF8359F9F802E7
                                                                                                                                                                          SHA-512:D259AAE9B7AB68AFE6D85F9126D8A4C1961A03ECA7D2708DCDF074DF8598CC5F7680131AD834A6959F68CD47B0D0A3920ACD85530853E8C38D4D40DED0359358
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"2C0F69384C552B8D73643971270674692CF506B7F6C6B94E46F1EDD23D076B4C\"","apps_count_check_time":"13355226854517077","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7606
                                                                                                                                                                          Entropy (8bit):5.57072398649169
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:odsNwjMtViRUh8iQdJQrEkOb+TgVs93l8v8:odsNw4G88iQwrfORVs918v8
                                                                                                                                                                          MD5:BCB997F45B1976945C3E743C4756F51C
                                                                                                                                                                          SHA1:E26E1E15670010DF481331EFBFFC7491EDE298C8
                                                                                                                                                                          SHA-256:AD81CF7FAFA2F707D77DF1A3BE53CCA99D4A6799AF352822A489E57A3DDEE328
                                                                                                                                                                          SHA-512:5025C91BAAB6E7FF18B51100E87C8826CE6B8644197B043E64AEFA3548624D71BCCE853EC8F15B60342DBCDB17C3D31135C15B19F518A3CA101598A04C671710
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"apps_count_check_time":"13355226854517077","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"H4sIAAAAAAAAAAMAAAAAAAAAAAA=","dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"oem_bookmarks_set":true,"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"host_package_checked_on_browser_version":"117.0
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):27132
                                                                                                                                                                          Entropy (8bit):6.071658987266338
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:eF5kruq4eVbAXbUONQO6XeMQWonubZpG22:eFmi3bXYLOwBZpB2
                                                                                                                                                                          MD5:3C50722AD956674662E15B8DF2A0D43F
                                                                                                                                                                          SHA1:D8539CF46DF620CE33C285E058A12A371BEA3100
                                                                                                                                                                          SHA-256:8CFA0921274CF0DCD9923B6D1DD263497B4A959B4915883531630B9D157C5FD3
                                                                                                                                                                          SHA-512:59D49B41088D2C261BF5A479DDE61033366E641A21AA05D04F3070AA2E4220EC7A4FA77A696DC3A06A44DF5521F3BFE54712CBC0EEBAC856822E01589A9919F6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"2C0F69384C552B8D73643971270674692CF506B7F6C6B94E46F1EDD23D076B4C\"","apps_count_check_time":"13355226854517077","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6820
                                                                                                                                                                          Entropy (8bit):5.79170528301252
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:iaqkHf3Mq5ih/cI9URLl8RotoC6MFVvlwhrRe4IbONIeTC6XQS0qGqk+Z4uj+rj1:ak0DeiRUh2hrT6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                                          MD5:53319F01A3BE2535FD21DD4650DD1834
                                                                                                                                                                          SHA1:7F29062CB4E4837D844AF71A3EDC566C27B07C48
                                                                                                                                                                          SHA-256:3BB95EF28A35ED902A16C3DF9CD85620660325AD703BC076D588F072FE7F7187
                                                                                                                                                                          SHA-512:706F0CC02D5691D84243DF506AA9597342A19FF00322ED82159F427A4A34C31300F958AADE446B70C231A19E79C5B7127BFA4402D1863BB761A492971823444A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABCHUdHIrLWQIEdJ23hTLB4EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACdtb71P9CgiQAVIt2nVwp6x1ErOkLqomFmCWX0BOo+mAAAAAA
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):26037
                                                                                                                                                                          Entropy (8bit):6.069801839545602
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:eF5kruq4eVbAXbUOUpORreMQWonubZpG22:eFmi3bXY46wBZpB2
                                                                                                                                                                          MD5:9A5F539B048F67D7C9C90B4D188BB406
                                                                                                                                                                          SHA1:10B4806875C48ACF84B0E69C2775C3A81272A208
                                                                                                                                                                          SHA-256:0E13CBBBE16E8C580C98911333CDAC1DB395F474A5723E1181353D45EBAD7504
                                                                                                                                                                          SHA-512:62F50E3B49B39CBFCC6A2B3E5792388E6BA91D9097050DDB6904AA2A23FE5DDD2E370CCAF6120CD3BE3DFB991FADC4DF90452474A040B6628F9536BBE43E2149
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"2C0F69384C552B8D73643971270674692CF506B7F6C6B94E46F1EDD23D076B4C\"","apps_count_check_time":"13355226854517077","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):9216
                                                                                                                                                                          Entropy (8bit):2.895365988975935
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:Su3Al2BY0YYkQ6Tf8YbY0Y1fVnWnvkxVnWnkkvc18fc:Su3AlFLjQ6TfTkL1f90sx90PA
                                                                                                                                                                          MD5:01215EA8380A6EC55046B091A2A2BC9C
                                                                                                                                                                          SHA1:A5DADD8AC8CBD16940F055AE2B66F869AA4C99BD
                                                                                                                                                                          SHA-256:5598942F610C6BC505159AF7561AECFAA03E341A18BF29523BF1E139246AE61C
                                                                                                                                                                          SHA-512:D39DFAADC391C0EC686808F52C2F1135F8E5450F2AD328FA879337C541823102225FACB500A56579FA74DB7F5C162E9AF277DAD4E51A19B6D6DE862D356042C3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5632
                                                                                                                                                                          Entropy (8bit):2.2097983268357666
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:rNWGDbxB9lj8yZyt0bKvqy6yEyvy5DlsN5Acb9lj8yZytXvqy:rAGvxZ8yZyoKS9LYu0OU8yZyXS
                                                                                                                                                                          MD5:F5B3BF5938FF28B9A2BB88146EB305B4
                                                                                                                                                                          SHA1:8104AB8712EA9E58A3E7D03E93E4C3FBB2C44B06
                                                                                                                                                                          SHA-256:21085302D23343CA6975DAD845E84CCF5FA1793822DE385891328A5A5FB4272A
                                                                                                                                                                          SHA-512:F61C08F731B745109962519D88825EE9F464B13B9F2A7078E97DDE3ECA0F86C49FA5A82C9736E5EB777BAEBAEA4B74155DB8088E89A5D9C1ED51A2411CE2452F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5632
                                                                                                                                                                          Entropy (8bit):2.2114632466775173
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:rIGDhxB9lj8KZyI0bKvqy6yEyvy5DlsNUAcb9lj8KZyIXvqy:rIGlxZ8KZLoKS9LYu09U8KZLXS
                                                                                                                                                                          MD5:E11146190DB9BA6D0CE95F2A1C8296ED
                                                                                                                                                                          SHA1:84CBFECCDC5593456B2047EC3038CCB89FD5D345
                                                                                                                                                                          SHA-256:3D7E73C011A923906E49A65034B6DA47C4051193A31CFF71B47476D76E804C9A
                                                                                                                                                                          SHA-512:FD5023733DD46C26F62C8AAA7A5C24B5D626867EC92168C5E5D643AAF9C688B7C7657553B5D8A11EA08DB707F182D67ABC0518DD34BE74C2827D6674C00E2B9B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5632
                                                                                                                                                                          Entropy (8bit):2.1770628105423997
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:rWGAcxyyB9llZ8py9bKvqy6yEyvy5DlsNUAcb9llZ8pygvqy:rWGAqyynZ8pAKS9LYu09CZ8pvS
                                                                                                                                                                          MD5:DF17B1A9AA9AE5C38E890AE559597C7E
                                                                                                                                                                          SHA1:80A05A06EFA337CEA0DD5B5B6CF1BE98BA708152
                                                                                                                                                                          SHA-256:0348D996B9A64873FB0399A3E0495F1BD9CC07DF4DCA96F98F076E58D92BA1E1
                                                                                                                                                                          SHA-512:1A502076095816443005252DF809EEB0486D259FF17D141A5281E84A0C3DD75365BE9B8E9B3B56300EF753824BD7409BD8E095DFE11C72321A962E6260F1CBAC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5632
                                                                                                                                                                          Entropy (8bit):2.209714902009451
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:rJlyxGv9lj8UZyyEl01ZKvqy6yEyvy5DlsNUAcb9lj8UZyyElXvqy:rrCGb8UZpElKZKS9LYu09U8UZpElXS
                                                                                                                                                                          MD5:9F8189AED380C6451DB3D5D1404744A8
                                                                                                                                                                          SHA1:3432EB91D27B6D718EF46272F2459031070BBB35
                                                                                                                                                                          SHA-256:90DAE5F1357190AB869CB140E0DA5B4A43CF2531054CC3F16465725D054ED324
                                                                                                                                                                          SHA-512:DCF12C28E32F737E56F40DBA63125917ACAC3E2744AE0A58E5C70D21E737556A1E40B23F6B437BA7D393F6A4794C1AAA411EAF0A8EE04FFE1D7453D7A1B6C2B0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5632
                                                                                                                                                                          Entropy (8bit):2.2094416871290217
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:rsGDbRH79lj8ndZyeduKvqy6yEyvy5DlsNUAcb9lj8ndZyedXvqy:rsGvRX8dZ/uKS9LYu09U8dZ/XS
                                                                                                                                                                          MD5:5068D034D5AB09B201D6D0E1434D8A11
                                                                                                                                                                          SHA1:4B63F76B4BE1AE76F4FBCC97DB419191C2C8122F
                                                                                                                                                                          SHA-256:2B6141531D2D28A879D5CFC5B600CA3467D73C236F57FB284D95DE926CBB1CEB
                                                                                                                                                                          SHA-512:2DE3CF0A236AC0FB559AD0AE5890FF7138ACAEC61FDF6B5A19B2F9D94BB66CE32B07FA8A0E412834BDFE43C30259D5155160A1B509B910CCBE496AF859882C6A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5632
                                                                                                                                                                          Entropy (8bit):2.204299362050855
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:rJ6NxGv9lj8jhZyT01ZKvqy6yEyvy5DlsNUAcb9lj8jhZyTXvqy:rcDGb8jhZUKZKS9LYu09U8jhZUXS
                                                                                                                                                                          MD5:E9ED5F88B0CE9827258CB068C3397E70
                                                                                                                                                                          SHA1:4289563934007DBA46ACBFB9DB212A818B6EC0D6
                                                                                                                                                                          SHA-256:FF98BAA7D4C0203125600E7A9000F83E627BCBAA04CFB2AC5E6AFB0F10DD7DC1
                                                                                                                                                                          SHA-512:1C90FCCE8DA240EDDEE1D76EF027234C2B2CD799C482FC9C9DD1244CBE517F7FF8F59130E79C45CCF2979203F1491D13A9B56FAA995BAF3C662908B7ADC69F83
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (313), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):355
                                                                                                                                                                          Entropy (8bit):5.124491486514976
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:TMVBdc9EMdLD5Ltqc41E62VZOBvYHTD90/QL3WIZK0QhPPwGVDHkEtMjwu:TMHdNMNxOE37OBYnWimI00OYGVbkEtMb
                                                                                                                                                                          MD5:B3B803B81154AC0F913BB22D0AA7633F
                                                                                                                                                                          SHA1:1A00949E16EC8D666BFFBA0D4670BF77C8572151
                                                                                                                                                                          SHA-256:6CFD1DE1F2B0CECA095B2D47E4FBF5049BEEE342F66B516C4F1DA966ADCEE2FD
                                                                                                                                                                          SHA-512:4F0290936CAF7D4D000A2BA045E92CE9E63D795E1824CB7B256836B0FE55701DD3A48B8F23A80E47D06CE3B79F1469E0F329456BD7299E2875EE460F5C8EEBA7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xb0b30486,0x01da7914</date><accdate>0xb0df716a,0x01da7914</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (311), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):353
                                                                                                                                                                          Entropy (8bit):5.126633056522241
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:TMVBdc9EMdLD5Ltqc4fLGTkkAL+uiTD90/QL3WIZK0QhPPwGkI5kU5EtMjwu:TMHdNMNxe2kkALxinWimI00OYGkak6Es
                                                                                                                                                                          MD5:AFED654D893A5DC7D64C1448BCE4480B
                                                                                                                                                                          SHA1:07F247670FF8A904AF13306C97561E8CF3BE7739
                                                                                                                                                                          SHA-256:17836C90AF5E55EA0602C908CFC06DD3CEE3C3310E38A5D1C6CB9B21AC61E587
                                                                                                                                                                          SHA-512:2314D502F8E0BF9BADB3D8F333E6C701F6DDE6416ED7E425B9BA13126DFE5B652DADD5044B1F5A971C255C03C058D72B7F9E6A83BC537CAEB99B94DF4B0C7E13
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xaf2cd00b,0x01da7914</date><accdate>0xaf3c3bef,0x01da7914</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (317), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):359
                                                                                                                                                                          Entropy (8bit):5.147339460769257
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:TMVBdc9EMdLD5Ltqc4GLRUFrTD90/QL3WIZK0QhPPwGyhBcEEtMjwu:TMHdNMNxvLRUFrnWimI00OYGmZEtMb
                                                                                                                                                                          MD5:CFF48EB470F75A86502906580EB662AF
                                                                                                                                                                          SHA1:041EFC3B9F591E2245ECA3C1ED64779E989FFD05
                                                                                                                                                                          SHA-256:D6E9548AA8D526298B64DA1D3F697A4AF5C7821314FB676255D6D0BDA6F32C29
                                                                                                                                                                          SHA-512:8B2D8659A6A2E3FF1A431EE368A0C2B97167B60E86CEE38D17D702AE48C135F4CB9E953345AD8C1A87319524179FCAE123E74E34610C243FBD51466CA1E27131
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xb108b650,0x01da7914</date><accdate>0xb10b2b1e,0x01da7914</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (334), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):376
                                                                                                                                                                          Entropy (8bit):5.199295509617897
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:TMVBdc9EMdLD5Ltq08eDPOOKaihMGdVHwTD90/QL3WIZK0QhPPwGcE5EtMjwu:TMHdNMNxtDPOOKaeQnWimI00OYGcE5Es
                                                                                                                                                                          MD5:7120C16285D449DA5CF8F7083182F6BE
                                                                                                                                                                          SHA1:E6F1DB2E9F802FD9240DB3772EEFBDF125845F8F
                                                                                                                                                                          SHA-256:3E8DBF942C8F53A5B276E71FB730CC2833A0770C8BCABF4A410C3E8169942EEB
                                                                                                                                                                          SHA-512:2A0CCEB93F044F645BF6176E0A8B00257D534B16E1C1A79FC466522A8CEB58EA8AC34BECD7546230CEE3ECFBA99630257975C459193F5CB75D50D547126CF66A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://go.microsoft.com/fwlink/p/?LinkId=255142"/><date>0xaf4f2b93,0x01da7914</date><accdate>0xaf5d4a52,0x01da7914</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Bing.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (307), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):349
                                                                                                                                                                          Entropy (8bit):5.121638167365564
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:TMVBdc9EMdLD5Ltqc4JddAOrrTD90/QL3WIZK0QhPPwGgE5EtMjwu:TMHdNMNxiflvnWimI00OYGd5EtMb
                                                                                                                                                                          MD5:A809ABB5BC9410B272BEAEB71D7FC5FA
                                                                                                                                                                          SHA1:E769A6B19D3917321DB71A2414069F9388F52069
                                                                                                                                                                          SHA-256:5D5684A25536A06E813B237D9E535A975C46C31C6BA68C68CC8F27FFA7A3C066
                                                                                                                                                                          SHA-512:E2781D9C7CC905765868C35345A5AEEADE4BB762442EB27A25819D017DFB46F5987283A86600D025FEB88FD032421BBB09F6834C45989EFBB2515C423738A723
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xaf7278e3,0x01da7914</date><accdate>0xaf7c3c13,0x01da7914</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (313), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):355
                                                                                                                                                                          Entropy (8bit):5.146508913072386
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:TMVBdc9EMdLD5Ltqc4UxGwRMBzTD90/QL3WIZK0QhPPwG8K0QU5EtMjwu:TMHdNMNxhGwRMBznWimI00OYG8K075Es
                                                                                                                                                                          MD5:7F9B65C39355CE20452561479BEB017A
                                                                                                                                                                          SHA1:D604670B992938D35981B6C07BCF3CCFDC692BCF
                                                                                                                                                                          SHA-256:EF9F51BF3412D72635DED29ECB793707DF078F20143FCD3AA8841C73F52434F8
                                                                                                                                                                          SHA-512:C333EA3DB35358AE9F760C8EDDBFBEFE00E4D5570597828B927A1A73103664C607701429A1DB022D1E8A926548C1541F126BC886C0715938DBF0F29E3841E636
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xb10d9e6f,0x01da7914</date><accdate>0xb11497c7,0x01da7914</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (311), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):353
                                                                                                                                                                          Entropy (8bit):5.112260853626101
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:TMVBdc9EMdLD5Ltqc4Qun7w4VFuiTD90/QL3WIZK0QhPPwGAkEtMjwu:TMHdNMNx0n7dFuinWimI00OYGxEtMb
                                                                                                                                                                          MD5:8FFF66C1EA2CEB010D7F28F112B368F2
                                                                                                                                                                          SHA1:818A8B30160B8B49CC110146E33CC7D4848C2B67
                                                                                                                                                                          SHA-256:05B84BD7F1485BB7587C6F8AF9791D594CAD8F5CD3E3C298320BA5B86098A923
                                                                                                                                                                          SHA-512:9019A6C22DAE0778E4F544BE3E2F06D135D1CA2B2B35FA4C9FD44232FEF6DF08FA36CE7ED712EA2A4AB10E16DFE15217C1C0472883507AFC2E6964DDEAD84A94
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xafc83b51,0x01da7914</date><accdate>0xafd1ff54,0x01da7914</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (313), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):355
                                                                                                                                                                          Entropy (8bit):5.138875712701377
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:TMVBdc9EMdLD5Ltqc4oTPYiTD90/QL3WIZK0QhPPwG6Kq5EtMjwu:TMHdNMNxxginWimI00OYG6Kq5EtMb
                                                                                                                                                                          MD5:2C55EA14F953CA81E470F3F88DD065C7
                                                                                                                                                                          SHA1:486C6CF519305A41EDCD17A8A557C8925FD4DC32
                                                                                                                                                                          SHA-256:DAD5E17A0C50D7F59A518CC5E040639DEBCE1714FE7FF7922D5194960532A6E5
                                                                                                                                                                          SHA-512:F8952B0B9190908E55E9DC1502EFEEC8F87273A183863E9263691F590A0FF543C13367980F27D8C1D99723D164DA31F780AC7FA30D01905BD5245B05388B4A8F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xaf7ead7b,0x01da7914</date><accdate>0xaf811e14,0x01da7914</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (315), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):357
                                                                                                                                                                          Entropy (8bit):5.147696956179964
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:TMVBdc9EMdLD5Ltqc4YX2n6GiRiwTD90/QL3WIZK0QhPPwG02CqEtMjwu:TMHdNMNxctyiwnWimI00OYGVEtMb
                                                                                                                                                                          MD5:A62D724A5620BD537B39EF7097DB4E51
                                                                                                                                                                          SHA1:5F6F137CC1903611CEEB0504D307CA1C780F9CD6
                                                                                                                                                                          SHA-256:0BFAB4A4DD503AC2834F892414F91BB2603CBDB1AB2FD24185346992E317CAB8
                                                                                                                                                                          SHA-512:8E60AA81226EED1044277A9CAA39319BA8E8A1D500BAEACBAD27F38162DC14B5EA15286565308D081DD68408DCC012A563C426C5822BD06B4B8A0B1BE04B8693
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xaf66f3fc,0x01da7914</date><accdate>0xaf694402,0x01da7914</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (311), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):353
                                                                                                                                                                          Entropy (8bit):5.1137227198630555
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:TMVBdc9EMdLD5Ltqc4InN7BXrbTD90/QL3WIZK0QhPPwGiwE5EtMjwu:TMHdNMNxfnNFXrbnWimI00OYGe5EtMb
                                                                                                                                                                          MD5:2BF1CB2E6059D7C69F8C2594716BB945
                                                                                                                                                                          SHA1:4E50C3F0AC6A36AC23C7139EFF45664712302A34
                                                                                                                                                                          SHA-256:3DF497169857880CED0546ABE1CCB0E610C530269DF8CCCCE788778E5C65A19E
                                                                                                                                                                          SHA-512:8EEC026687F20E2610C9311083AD6EC965C368556683ACD5FB0824412B9F7E0BA513EDBC6685CA44536EDC2FCCA30421EA81C51758AF2E5A8ECC0D68816453EC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xaf6bc1af,0x01da7914</date><accdate>0xaf6d9640,0x01da7914</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):866
                                                                                                                                                                          Entropy (8bit):7.170893433754665
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:kUvF/6easyD/iCHLSWWqyCoTTdTc+yhaX4b9upGKA+/:kUt/6symC+PTCq5TcBUX4bt+/
                                                                                                                                                                          MD5:911EB7B5197897FAC60320C7C7609E71
                                                                                                                                                                          SHA1:183A2297B17C29A61249BF11FBAF801664AE6301
                                                                                                                                                                          SHA-256:43B409E46DC3402D5D969B5276A2C19F5043461916250E0FE8767F2EE3FE4948
                                                                                                                                                                          SHA-512:292AB2D9EC649D4012D186DCAF908507481686DF8A7A2761D507128849FB95124D4649735726D455CB286DFC55E09E7A44DB5FA6EC324320E2370C0332E2EA7C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2278
                                                                                                                                                                          Entropy (8bit):3.8470052226969482
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:uiTrlKxrgxTxl9Il8uHDPzs93SjCYsXV9d1rc:miYVPYtMZsXA
                                                                                                                                                                          MD5:11570E2097D7F069F1EF271728DAFC9D
                                                                                                                                                                          SHA1:670BC24F554924616178B0D465DAE6142497C6EA
                                                                                                                                                                          SHA-256:45250BDFC95F3056AD494114786F94D18929D4F03A9D719ED734961A1CAB8C8A
                                                                                                                                                                          SHA-512:EB873DB6C045EAEE124D720AC179652658788ABC24D49BFC527CAA0DBB5F5CAF74EDF2468A4EF80333A6EE82CDDF6F1A372CAA5E2232BBC793882B8C9880648A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"TBDataStoreObject":{"Header":{"ObjectType":"TokenResponse","SchemaVersionMajor":2,"SchemaVersionMinor":1},"ObjectData":{"SystemDefinedProperties":{"RequestIndex":{"Type":"InlineBytes","IsProtected":false,"Value":"WipwWM+NHlbCDmsZp8SOsjhtFBs="},"Expiration":{"Type":"InlineBytes","IsProtected":false,"Value":"gI8FCh152gE="},"Status":{"Type":"InlineBytes","IsProtected":false,"Value":"AAAAAA=="},"ResponseBytes":{"Type":"InlineBytes","IsProtected":true,"Value":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAQh1HRy
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4622
                                                                                                                                                                          Entropy (8bit):4.001497977768436
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:uiTrlKxExPxD9Il8uLwZeGpE1jD8R8yexnK5V+BgTLgT8h0YRrG2fXoy4kiJr8lN:BYNwMjD8R8bhKLTc4G+Zi277
                                                                                                                                                                          MD5:734CAA9DE631A06737B602F40D6DC3DA
                                                                                                                                                                          SHA1:02669F1F7A2A9EB812CE8AEEFAAC34C5D49A057B
                                                                                                                                                                          SHA-256:DD08E047D339A4F385C33B70FC067C0FF05F7EF9E21E39BB6953019347A1F0E2
                                                                                                                                                                          SHA-512:9AA3EC1EAA08B288005FC16101559F09C539CCF3F9E21BEF4B820AC1D6E7D589181911FF2450CDD3693473EDD45F1A7C3E1958F5AC0550630019CB746EB8A48D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"TBDataStoreObject":{"Header":{"ObjectType":"TokenResponse","SchemaVersionMajor":2,"SchemaVersionMinor":1},"ObjectData":{"SystemDefinedProperties":{"RequestIndex":{"Type":"InlineBytes","IsProtected":false,"Value":"z3UTqTb37/uzhiflb40fzhDrEsw="},"Expiration":{"Type":"InlineBytes","IsProtected":false,"Value":"z32h7xR52gE="},"Status":{"Type":"InlineBytes","IsProtected":false,"Value":"AwAAAA=="},"ResponseBytes":{"Type":"InlineBytes","IsProtected":true,"Value":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAQh1HRy
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4286
                                                                                                                                                                          Entropy (8bit):3.8046022951415335
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:suZOWcCXPRS4QAUs/KBy3TYI42Apvl6wheXpktCH2Yn4KgISQggggFpz1k9PAYHu:HBRh+sCBykteatiBn4KWi1+Ne
                                                                                                                                                                          MD5:DA597791BE3B6E732F0BC8B20E38EE62
                                                                                                                                                                          SHA1:1125C45D285C360542027D7554A5C442288974DE
                                                                                                                                                                          SHA-256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
                                                                                                                                                                          SHA-512:D8DC8358727590A1ED74DC70356AEDC0499552C2DC0CD4F7A01853DD85CEB3AEAD5FBDC7C75D7DA36DB6AF2448CE5ABDFF64CEBDCA3533ECAD953C061A9B338E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):758
                                                                                                                                                                          Entropy (8bit):7.432323547387593
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/792/6TCfasyRmQ/iyzH48qyNkWCj7ev50C5qABOTo+CGB++yg43qX4b9uTmMI:F/6easyD/iCHLSWWqyCoTTdTc+yhaX4v
                                                                                                                                                                          MD5:84CC977D0EB148166481B01D8418E375
                                                                                                                                                                          SHA1:00E2461BCD67D7BA511DB230415000AEFBD30D2D
                                                                                                                                                                          SHA-256:BBF8DA37D92138CC08FFEEC8E3379C334988D5AE99F4415579999BFBBB57A66C
                                                                                                                                                                          SHA-512:F47A507077F9173FB07EC200C2677BA5F783D645BE100F12EFE71F701A74272A98E853C4FAB63740D685853935D545730992D0004C9D2FE8E1965445CAB509C3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (58562), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):190892
                                                                                                                                                                          Entropy (8bit):5.46134359184279
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:p/cQRNFb4/WDMihc/h5Nyh0lCOpIS/xYy:KQt4/7ihcHNyhICdAxYy
                                                                                                                                                                          MD5:844E8CF7077951C757755E18AB055E67
                                                                                                                                                                          SHA1:5AE3EFD1791C5175DA503DD511F468EDCBF77687
                                                                                                                                                                          SHA-256:B72FA5EF88FE89755FBB9B6B7650C0933CBA69311FD80B0FCD7A1E2D66F4ADE9
                                                                                                                                                                          SHA-512:7F5A9FFF33D1F42F11828D9B675654E0675726A20B52290E700AF3A416526CD12E9F75AADB07C65D2E3C1EA6C14D761F9B71AFFAE4C3A02D4412AAF2A9F9119B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2013
                                                                                                                                                                          Entropy (8bit):7.81099098044133
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:qcPmqB8c1a5ShKNuK/z3amAq5zGQy7EFUQ9:J178ohKNuK/zLwQ9WQ9
                                                                                                                                                                          MD5:1F3C2A6537F6260FE81A7CBFF4BC431C
                                                                                                                                                                          SHA1:E779F157168D274F1FAB870C85349C9A9F9466CA
                                                                                                                                                                          SHA-256:31D6A3E91B525A985991C7B179331B814C77B54193D22E594B09018FD7AA5637
                                                                                                                                                                          SHA-512:A3004D5701D6E88D35B5F946A26D0C893D681E9F8651C7E0F0996CA85048685C37197BE975C8E9AF3825F77A5582ECEB246687851EA221837770A8DF257DE599
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 275x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                          Entropy (8bit):7.939280115024219
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:F9lGM6Au2kHstvcB+xcc7yU/BSXKAbdJU5KBq+O:FXgvHsB+Q/SBq
                                                                                                                                                                          MD5:E2F6A4F16B96F48C8B0DA69A896A3376
                                                                                                                                                                          SHA1:8FF00F35119806E113A85E369533580D5BCD6159
                                                                                                                                                                          SHA-256:35BD53E493BA1F0A0360B8CB272BAA5751AA25C5AB73CFE9F9794DEDA3835D20
                                                                                                                                                                          SHA-512:B1E448B98443189BB5563AF5D1F5154407B35B1FCDD3AA62BDE3CC3D03C06C1A30D7EE1ACDDAE33337EFD338B406E560A3665F081E68D3B9E9A9B146A2DF5CAE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1214
                                                                                                                                                                          Entropy (8bit):7.599946746969644
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:C/6yU0JRXs1C1zE9hrbmbvTiT9je3iMUEFCONRXTQUBwFaG7:C/6yU0XXu9xRje3FCOfDQCwFak
                                                                                                                                                                          MD5:840EDBF110A8FF1F0D9CA580AC5EEAC3
                                                                                                                                                                          SHA1:322B7EC2E8848CE0701323C95EBE68CBC911987F
                                                                                                                                                                          SHA-256:278AF8DB05B358D4A77C18906379F458402D3E0B4A905A51A5C8A05CA5A7FA6F
                                                                                                                                                                          SHA-512:A2E378275DFFAED9996262AB82F13EA701A9CA75E50EFEEF1DC09398D5E0B78C64ED12AE0BA7BB579E71AF70ED1D46F54E86F3B93189DC520A8B221539043DFD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):18952
                                                                                                                                                                          Entropy (8bit):3.347918954114546
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTpWvkiw3ay73aONGQUGfNXrNXVhsc5Mubxd6m:bSDS0tKg9E05T0kiU95zxdl
                                                                                                                                                                          MD5:AE209DA8996159EB8B32BEF890806461
                                                                                                                                                                          SHA1:F00684578491271F97DE59F3D9A95E28D82E791F
                                                                                                                                                                          SHA-256:BB67572CE7734E367DCC3B90CDA6CEFAE27BD46E8662F84794E7476759145A02
                                                                                                                                                                          SHA-512:F5B184726825B569125F6A8ED6A20BB4F1A2F18BCB13384F15AE6A526E81AB6F23C1FFF5EA8C1B9CB7C210FCD73C15CE1E7E9E257B6EBD69A50120F37E5DD167
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):18737
                                                                                                                                                                          Entropy (8bit):3.269694585441059
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTKkEWm+WS8ZxNXrNXNsc5Mfkdi8QIxKe:bSDS0tKg9E05TKk6+Y757di8QIxx
                                                                                                                                                                          MD5:AD509A288C241C38783057C8C7552983
                                                                                                                                                                          SHA1:337D2C14AFD9872C192312C4CF5EEFD0E8D034E7
                                                                                                                                                                          SHA-256:33AEB0E88F6E7A3B4ACB371E092CA813D355B54D3FF1A494810A7EEC1072FDFD
                                                                                                                                                                          SHA-512:8329302804D661901F70F02BFB4800FF857E07029D93A7D1439D58B62A5F5AB66271F3BFCC37DC9C651877D76AB86FBD3F8EF6A7D2F919801D8FC6A58ABA7410
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):389
                                                                                                                                                                          Entropy (8bit):6.869602754260452
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:6v/lhPuLznDslidjLUKwzQdh6FeEvsidGpy9ceMmZ6rN441eDVlt85+va8vk6aKE:6v/72LssBL2wEbYea44EB3f7vk6TnJkb
                                                                                                                                                                          MD5:81383ED785568497BDC36E0C20D07E63
                                                                                                                                                                          SHA1:DA39A423EE0690D7B329CA5C8A0DDFE0A362831D
                                                                                                                                                                          SHA-256:099848EA191B2D3E7D1E6C4B85A0059A92CD00FA4623D19878CE466C77A5E4F2
                                                                                                                                                                          SHA-512:D3B390905BA66EFAE90FE476F80ABC27402D22E8FEE50FD19F75CB816F1F75806DCB620C7A2EF3A4DB8A771350AC6981F084896916342088B73A2DD66BD51D23
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                          Entropy (8bit):7.681182632559876
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:6kyNGQsXjNnM3VN3iBSkFViHQhzaNH/8PCfrj1:6PFsXjhMLiBF7VaNH/
                                                                                                                                                                          MD5:49CEA769D9C08B3EC1F7582D2A4BAA90
                                                                                                                                                                          SHA1:1C6AA090BAD7D48208CA2D3D0B8E01E1489B0694
                                                                                                                                                                          SHA-256:60BDB2B66D36D61DF8FCF0E5428304FAF0EFB38E133D6910FD0194212255EC81
                                                                                                                                                                          SHA-512:212C2970E84ECFAB431F6A8C90EBD09DB46DF262C8886729EFEE6BEA05DDC6350178DA8574260EEEAED3D07279FDAD4349D76EA57461448DED2EB70492770BFD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):492
                                                                                                                                                                          Entropy (8bit):7.447060862432633
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/78kFNa7napTy6/m6d6LfJUndmRs1CRyah4eM9k:RQTnQJUndmRs1CRvLM9k
                                                                                                                                                                          MD5:447F9D74B03830B4D886B3FCDD140409
                                                                                                                                                                          SHA1:5EFB7545FC49F8DCA8302608DD44B1893056159B
                                                                                                                                                                          SHA-256:56A7E8048DDCBC65C205E83468FF5E2919403EC6997BF301E10EEFE15D7990B8
                                                                                                                                                                          SHA-512:69F1A16A60E5E6677204FE22C3B7D68BFD7DE96CE966862D392E57CF6A4D9E26BE38CB8CAAB1A7A2A47EF42E12263374CBA56F6B3A40122593162B84AA4C5D8A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 60 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):533
                                                                                                                                                                          Entropy (8bit):7.415663553371965
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/7Ya7/6Ts/o7hJW8/t8oX8qUkUGGVIXC/zoZ3VYZwWSVR:E/6pzWK+q/UGGMC/zw3oGVR
                                                                                                                                                                          MD5:B6162D100379E7F4EF709BA5C26D1BA8
                                                                                                                                                                          SHA1:AEA4244C56F00AA26064134863157A6EE9D7ABB9
                                                                                                                                                                          SHA-256:DCA74022BEBB4F12F8EFADD226C9413CAFFF9193420D604DE8A398642172AACA
                                                                                                                                                                          SHA-512:CC64207C45F85255F34A157C9370A46EBD4A2B3A674E639838EF7582FD93D68F91A275C577E2FC9A46674EC765D8CC43A5BE28B281FCD5006D38D0C6F02E2058
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (58562), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):190892
                                                                                                                                                                          Entropy (8bit):5.461445447079877
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:p/xQRNFb4/WDMihc/h5Nyh0lCOpIS/xYy:jQt4/7ihcHNyhICdAxYy
                                                                                                                                                                          MD5:2F3EAA537BC8DE6E8CAFBDBE5D16831C
                                                                                                                                                                          SHA1:5AF5829F6B0BD5AF6533495F679471C25EC8CD24
                                                                                                                                                                          SHA-256:8C7E468A04D65B9244C3D55DB833D84EE567F5E746FCC786CE41C2361883794F
                                                                                                                                                                          SHA-512:BEAD491CEFC7B1172B6506DA2E8A5F9102BB16EA0A845A7D0BB3B2B8E5DE3605B30F62A00AA7CEAA386A00678F109CD698852351A47B5E695D6CD29C12511B1B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<!DOCTYPE html>..<html lang="en-us" dir="ltr" >..<head data-info="f:msnallexpusers,prg-sp-liveapi,prg-tat-msnvserp-t,1s-msntovserp,prg-bd-top-f2,prg-sh-bd-df2,views-river-wpo-1,1s-wpo-views,prg-river-wpo,prg-c-visser,sh-npllmcw,prg-sh-ntpigspsd,prg-1sw-sa-trainpost1,prg-1sw-sa-distillation3-c,prg-cg-p1cf,prg-1sw-p1dynasize,1s-eaop1,prg-sh-badgewc-c,prg-fin-chl2,prg-fin-l2tnewsc,prg-fin-cdicon,btrecenus,iframeflex,prg-adspeek,1s-winauthservice,1s-ntf-hisent3,prg-1sw-blkbknhi,prg-1sw-samhibrnt2,prg-pr2-blkbknhi,cg-nat-ad-land-ctr,flight0417_4,btie-aimclickbait-c2,routentpring0t,1s-fcrypt,prg-cookiesync,1s-shp-xp-ecrfrich,prg-sh-ecrfrich,1s-ntf1-fyrvc2,prg-1sw-sa-fyrvt1,prg-ctr-pnpc,1s-wpo-pr2-hdcapu,prg-pr2-ltpacer,prg-upsaip-w1-t,prg-upsaip-r-t,prg-ctrlvidbuf,1s-rpssecautht,prg-1sw-p1wtrclm,jj_fac_c,prg-pr2-bdgendpt-t,prg-pr2-bdgendpt,prg-pr2-saupsellc2,prg-ad-article-hc,prg-health-cfstaging,prg-cashback-odm,1s-promotion-cod,prg-1cashback-odm,prg-1sw-cbcacheshort,1s-wpo-pr1-cnop,prg-1sw
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (65447)
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):89947
                                                                                                                                                                          Entropy (8bit):5.290839266829335
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:ENjxXU9rnxD9o5EZxkMVC6YLtg7HtDuU3zh8cmnPMEgWzJvBQUmkm4M5gPtcNRQK:EcqmCU3zhINzfmR4lb3e34UQ47GKL
                                                                                                                                                                          MD5:CF2FBBF84281D9ECBFFB4993203D543B
                                                                                                                                                                          SHA1:832A6A4E86DAF38B1975D705C5DE5D9E5F5844BC
                                                                                                                                                                          SHA-256:A6F3F0FAEA4B3D48E03176341BEF0ED3151FFBF226D4C6635F1C6039C0500575
                                                                                                                                                                          SHA-512:493A1FE319B5C2091F9BB85E5AA149567E7C1E6DC4B52DF55C569A81A6BC54C45E097024427259FA3132F0F082FE24F5F1D172F7959C131347153A8BCA9EF679
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:/*! jQuery v3.6.3 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,y=n.hasOwnProperty,a=y.toString,l=a.call(Object),v={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},S=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||S).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):94791
                                                                                                                                                                          Entropy (8bit):5.3276377521693075
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:eXflzZmszOd8RSRwtQR1i6YmOpfqwoL9CUim:eXfTk+RSRrR06PWNm
                                                                                                                                                                          MD5:B3885F66A260B12DC4040944330D4299
                                                                                                                                                                          SHA1:F05ACD1C6480F85EF273F9814141BCC505932194
                                                                                                                                                                          SHA-256:B9F370555F442321343A9219CC89D6284C2763B70C62EF3BF5AAC43904285BE7
                                                                                                                                                                          SHA-512:E1F12421DADE55878E31C8CEC25686D2487D8E147E37C7AE93D7D92CD563E4EBB32539E396A33702F68B687CDE13F08007E9DCAAF38CEBAF4850F60949FA86DC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"nextPageUrl":"https://api.msn.com:443/msn/Feed/me?$top=32&delta=True&session=07830485-6fcd-4025-8b75-a5abd7c48e36&$filter=_t eq 'CompositeCard'&contentType=article,video,slideshow,link,content360&infopaneCount=24&queryType=myfeed&location=47.7159|-122.204&ocid=msndl&apikey=Io4orNtwRr08vQQBER8stWzJbGltMJzMwkmiMOv9z3&activityId=7FF05383-E874-420B-A4A9-263700520B95&responseSchema=cardview&cm=en-us&timeOut=1000&WrapOData=false&DisableTypeSerialization=true","subCards":[{"type":"infopane","subCards":[{"id":"BB1k3mHQ","type":"article","title":"Putin extends one man-rule in Russia after stage-managed election devoid of credible opposition","abstract":"President Vladimir Putin is set to tighten his grip on the country he has ruled since the turn of the century, with early results from Russia.s stage-managed election indicating a predictably large victory for the Kremlin leader in a result that was a foregone conclusion.","readTimeMin":6,"url":"https://www.cnn.com/2024/03/17/europe/putin-wi
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):85936
                                                                                                                                                                          Entropy (8bit):5.337929213173188
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:em3N7nPdJ8ozI9bcvhoHqmGdo2ngC1D8/9oGvrqO5w3Vfm+c37cgY+KxAGVtSjpk:ewVz6bd4G/ToiAnaVY
                                                                                                                                                                          MD5:687FCDD712B8F7FCA106C798E187CC1B
                                                                                                                                                                          SHA1:64121A63EA64B8746C0B9719C846A7E6F0309E6E
                                                                                                                                                                          SHA-256:86BE6B5B5493CBD55D6E0B7DB44089FA39F26047FBD1A1AEEAD6FE738E466FE7
                                                                                                                                                                          SHA-512:6251165A237D1F2CBE1D5615E0F512405590046C8A894D585E210B78261F5CCC673DF8E95DAB1BCE08BB02C0F531354CA7B6C23E78599807B1DBA3B737FA0FF0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"nextPageUrl":"https://api.msn.com:443/msn/Feed/me?$top=32&delta=True&session=1035b1ae-870a-4101-9ba0-af340e5f7950&$filter=_t eq 'CompositeCard'&contentType=article,video,slideshow,link,content360&infopaneCount=24&queryType=myfeed&location=47.7159|-122.204&ocid=msndl&apikey=Io4orNtwRr08vQQBER8stWzJbGltMJzMwkmiMOv9z3&activityId=7FF05383-E874-420B-A4A9-263700520B95&responseSchema=cardview&cm=en-us&timeOut=1000&WrapOData=false&DisableTypeSerialization=true","subCards":[{"type":"infopane","subCards":[{"id":"BB1k3nDZ","type":"article","title":"Border security deadlock heightens risk of government shutdown","abstract":"Funding for about 70 percent of the government will expire Saturday just after midnight unless Congress acts, but disagreements over immigration have stymied talks.","readTimeMin":4,"url":"https://www.washingtonpost.com/business/2024/03/17/biden-congress-government-shutdown-border/","locale":"en-us","financeMetadata":{"stocks":[],"sentimentRatings":[{"topic":"wf_sentiment_pos
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):10124
                                                                                                                                                                          Entropy (8bit):7.940799647712238
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:SPtxjtT/HIK6P8q3Ivc71WVsd/es3sT3b7w7fnOxK4IfYxZK8yAp4EXZ78w:SPz1/H76UqycIVstsT33XIfn8yj0d8w
                                                                                                                                                                          MD5:F3CB626AE36E1B8143749F193C64CB29
                                                                                                                                                                          SHA1:199557130FF1598A8E20E23AFC8E2116C0845777
                                                                                                                                                                          SHA-256:8743AFCAE42309629EA27E5AAE27E049CD39C6F49F267C82A19BC50E0690B3CC
                                                                                                                                                                          SHA-512:11CD8C34652EC366FDA1FFBA8450B53C3C67B837FD8D912BEBE76FF3456E94FF0B4C9329099F708AA72690EE7DD74FB6EAE73FF3305D3A976DB32DB461C37BA9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 620x304, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):35104
                                                                                                                                                                          Entropy (8bit):7.969781897502378
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:RN6hWC/6VVDGMF8H8/tWwhg0CK3kACCXEo:RwL67NFy4sEZklA
                                                                                                                                                                          MD5:55461FE9162FE4E925C42698385EC590
                                                                                                                                                                          SHA1:1497DDE28E63FFEFED607C8384EEDC5968D373A6
                                                                                                                                                                          SHA-256:C15B820DD15A4B69C07347104799B86A1857918A06319385124D1392CEFF151A
                                                                                                                                                                          SHA-512:0E126CDC4BC477D1746C700777CA6B7BCB8EAFE3D4BC421007F6B86701C66E3ACBFE8B156D479A5E03A36A564DA1B8DE5E6F209953E937649AEDF8FE3CAEECA5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):11634
                                                                                                                                                                          Entropy (8bit):7.938919542660497
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:S9w7uEBXfukgu8Muq/g8XR6s+3rWcAAt/BX6/+TaJc/seD056SDZtPqBD:SybItdGX+icvt/56AO5NDZtPY
                                                                                                                                                                          MD5:EC41AEDACDA1005B68D47540218DD278
                                                                                                                                                                          SHA1:8598D2F8CA509C022443D290D0C98DA160A1DDCC
                                                                                                                                                                          SHA-256:5AD9F46D5CC153374765AEBB4A692000C1AB82403DC89F6D03E767F47E4709E8
                                                                                                                                                                          SHA-512:066D9A6BDA94D25198315295B098DD2F3DFFBB8AE626356C8C91E7130DF3D8E460B4AA33C68EC971B9689DE647B7892467DAA5FA6F85412BCB33074C0F3EBF2A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):21900
                                                                                                                                                                          Entropy (8bit):7.95802881739318
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:SnA91DjhRfRsXXZFjAkUqMsAWfbDlAbmBYWJdLUfPt8t65leHWH++ABoK:SnAjDt+pFjAkZxTD+bmBYhHKZL+coK
                                                                                                                                                                          MD5:F41507EFE8B1BA354D32C2A9E57485B8
                                                                                                                                                                          SHA1:3A4911444437DEE5E3005468C70AA910199DA2E7
                                                                                                                                                                          SHA-256:1402FF8B19E3203949440283C5D0C769139E86E1F04D1694E521E2022372EA87
                                                                                                                                                                          SHA-512:4372BC3A131764B8EDF73EE1DB548986EC3B85596BE12330F4EE1E4AA0A6E05C89DDA346B16039D2C69F6D3E71F08AECACFD35C3A8F5EDCE90BC85131D63CE07
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):10349
                                                                                                                                                                          Entropy (8bit):7.9546720406123095
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:S1Nfc8zYO6TBDVjsLb/1VhdqvgGiO4AdGxCzf9IS/G2wfLN:S16uPCB5joLGvJiAd8S/+J
                                                                                                                                                                          MD5:1EF2CDC40896BBB34FD3C0954CC5F3CD
                                                                                                                                                                          SHA1:9D540E7B0B4A156EFC0247F77D40A9B1FC5E8E87
                                                                                                                                                                          SHA-256:379E92CAE1122277CD521BAE9432F1AC18535428C4B08FE23781D9121B98AD34
                                                                                                                                                                          SHA-512:07DD386CDD04D5AC69668AD7BDC1B1553B1037AC787E5FD11806756B20B9FE7479680C43E1A9CD971E75488CA013D8B5BD95FC11BE7FAB06FBF7792442C50BAC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 620x304, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):58468
                                                                                                                                                                          Entropy (8bit):7.97458895285949
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:Ry/sYLL/SI5Q7Y2CMeHBPQchXJ/H8sjzvVjTNW:A3rG7SMejJHJRTNW
                                                                                                                                                                          MD5:CA94E1CF36BF745C629DDDBB1163A476
                                                                                                                                                                          SHA1:B78381F745B6E0855CC0A3556F67DE728F33BCCD
                                                                                                                                                                          SHA-256:F22155B6E435D45DDEBFB096A27D1F8186DA52F85B61B74ABEB694E1C3555461
                                                                                                                                                                          SHA-512:BE489BA568DAA8D919BCEE9D8CE6CA1EFAC2B706B156599552A6452911C91D02F5032B6196D93A3E5C8BD14DCF34F411F681295D7E8F861FEE5C7CC865D91F90
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):12310
                                                                                                                                                                          Entropy (8bit):7.936076457296175
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:SZUO0bPni03ATmp9bd+pKBFcd2jxDhXItx+ph5+9DCj2uUJaSe1u:SiOEPni0KI9oeQ2j9hItx+EDKUoSz
                                                                                                                                                                          MD5:8A41D5B4AF19179E6535259ECB50088B
                                                                                                                                                                          SHA1:D542635AF33710E20EDC9A6F885ABEC5B2AEEBEB
                                                                                                                                                                          SHA-256:61DAF237FAC869CA9EED206F52F0FD64F89CD3903F8E7DC9A98A93E77A291FF7
                                                                                                                                                                          SHA-512:E623590B6E72A6372251E8A215B3CBD3CA6AE2FF843FCE9DCB5F3904FC1A5AAB0004D6B846ACAEAEC5F36CD311D89CF8818197ACFED0F230C0A5F33F4FF37A04
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):19880
                                                                                                                                                                          Entropy (8bit):7.964954898152231
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:S8dRhDvBQqUG9aQPVl+2OWIN+TPvk/8oRogs+tqGR24GAAdMU3S4P:SchD2utPVlZVINIToR1lRm3q4P
                                                                                                                                                                          MD5:0D1A2B721C42C46A52C92922EA47A637
                                                                                                                                                                          SHA1:FEE70B8A2DEFC662AF3F3BF0EEEF681F63C479AC
                                                                                                                                                                          SHA-256:2C0B58A6679C26215ADACF393C84C108111D283FD64EF965BDBC3D87F3B4644E
                                                                                                                                                                          SHA-512:FAC87ADC076A69E0AF8023111A119746EA0DCBFAAD6319887FF00689A9497B177477AD1F0630D6862FC2FA8A8DABA0291ED5E3C0B265B71726F30C4CB6B8B721
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16259
                                                                                                                                                                          Entropy (8bit):7.951211183092415
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:SM7IDe5uiAGISIZ4wDzjafi5zUm8EiW39CxBPR7MDkP6PjOFu3EkRFPp0Nio:SM7ItiMZ4szq6AmgDBBSPjOpkRFyNio
                                                                                                                                                                          MD5:576E8D6659AA0A8A9DA9F71B02B3EDAB
                                                                                                                                                                          SHA1:E16817DA35298758C828EBD0CD7340D9EE54CF88
                                                                                                                                                                          SHA-256:F29D9A7A14E2464AB1F793EA064AEC116B64019CEDCDE7FA0DFD8DEED79083FC
                                                                                                                                                                          SHA-512:A88EA98F23307CFEAC4187E608BF74DF682657B653F95B629514404E85EBEF778067F399B1E7527D52362C3B10C203A3180B4B860B1B33E014328BC274EA6330
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):11367
                                                                                                                                                                          Entropy (8bit):7.958487720940249
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:Sy9hogmTZuCXewAc/PgmwSAEg9Yohdl6nmnV8L6n7mIHlHaqBRjNcJki2Kp:SlgKpOw9gHzESqmnV8L67mIxLBTeBp
                                                                                                                                                                          MD5:272954FE3217328F9CF4AD234CFE1A23
                                                                                                                                                                          SHA1:FE12F12AC73CE77F2C238A3D5196C20BFC26885D
                                                                                                                                                                          SHA-256:378C817527A7393187EFC0C4D8EB073E3D9FBE79BBC48B399136A10F52452903
                                                                                                                                                                          SHA-512:6B91F9D69B8E5C473EDC7DC9AC9F47D010C35D10A601C1DBF03708213411B5AE4DC1CD65694B22D06FDFB42D231ABD9235F6A147EDF9D5C9C02B549053FC3D31
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 96 x 96, 8-bit/color RGB, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1287
                                                                                                                                                                          Entropy (8bit):7.753286328828527
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:Qkmkb13K52UTcyiUJlRq85hww6qJyPGbh166BaK23P:Qkm613KsE+oLDBrJyPGbD66d23P
                                                                                                                                                                          MD5:9B8059391E9315D157357A18A6A0191B
                                                                                                                                                                          SHA1:C466111C02D867C05CD522F2F362CFC23FA22B9C
                                                                                                                                                                          SHA-256:379BC8D28440A12EA8A540917610C7B6A2B865CDA7275285FF922D69CF46B5E7
                                                                                                                                                                          SHA-512:CB19000C7425C1CF8DDA9A8D10DC220D4961D34AD9B837E4DABF2C649D57223F0497D344671782E4F4782BDAD82B06CE702E27D67F2176168DA619985BAC5848
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2880
                                                                                                                                                                          Entropy (8bit):7.879136096857446
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:C/6SyJtSJGYielqeKcdbk2QPFKxfGYMs+dqRmRIg5SZcgjsKs88hPTQQQQv:CSS8tODlqbce2jtGu3a5SCgjsKs8+
                                                                                                                                                                          MD5:04BC888A67735209F284676628AA9325
                                                                                                                                                                          SHA1:BEC523E7378599AC1D59FE2069797F8A1223A7B3
                                                                                                                                                                          SHA-256:B108D167C84C2266C0D96B5413A08694EE9BB1C70952794A5296B2CC3A0111C7
                                                                                                                                                                          SHA-512:65C47B01C55262E9F36AF461493F08EE626B1AFFBD0B910A018DC62BBFC449CC13CEEFF54B9E2103AF2A829497ED7AA2CF69EF1FA4EE2CF9FEB59257C09192A2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):405
                                                                                                                                                                          Entropy (8bit):7.210520499858802
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:6v/lhPkR/C+nyke1I1bDhfWTOnJNGflEHdYo93zyW0X22PrmLo2qufrYXup:6v/78/UIFdcOJWad/ycCraq+rYs
                                                                                                                                                                          MD5:C549DF847E13659AF701C4E359AAF61C
                                                                                                                                                                          SHA1:88C4025B41357295948213E0F5BA7C95B30731B4
                                                                                                                                                                          SHA-256:38D0FE0FE42DABD600CD0F434AA7138A11425B0F675EE7C4EE350C2D3ED67CBB
                                                                                                                                                                          SHA-512:1D3E1A08F171EFE02161F6A672A2DEF35B35967E47E0D58CC71B93FF4758387984A96A59EC99FC8C122FCAC1F7912D9E7685808F9889D80A3A24CA6B15651ADB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):331
                                                                                                                                                                          Entropy (8bit):6.836736228609407
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:6v/lhPmNpkB/6TogjnDsp9aXaZ4eJcAVKOt2sgLNHvEE/BsaOxycp:6v/7uNpkB/6Tog8sevNt2sg5HMSBe9
                                                                                                                                                                          MD5:217F503D30923BA5958A41D356EFB324
                                                                                                                                                                          SHA1:BEE9CEB356810DAE6729FD3194E98CF84FF13770
                                                                                                                                                                          SHA-256:78AEBC311A219FCFE478659A02EB863E15671651B77D283FFB71E9197C2E999A
                                                                                                                                                                          SHA-512:14ED9DD8325F7FE88B7FEACA1BA2AF6DA4824A01B65D6801EE6A2C0B4A009E21E44ECB1A2CC2F291CAE887DB20EE0CA76D182B8CEDFC02975668C1CD483A31ED
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2028
                                                                                                                                                                          Entropy (8bit):7.306500356096832
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:f6vnL+wuJ3wnsFJCI/zbSadl1V4iyyUGoZKSd6/L9:apLOsIZdZ4ihUTZQh
                                                                                                                                                                          MD5:9C91E2926EAB90A81E459E40E0FA1BFA
                                                                                                                                                                          SHA1:CEE86668D768D0FEE993D28FF27773485A317A9A
                                                                                                                                                                          SHA-256:55C49CD89E92A67BBAE6EDEFA5C8149776CBF878A0770ACC74F0A85CA09F7E50
                                                                                                                                                                          SHA-512:4BAC165C0F22937A1374A601B9D9F59309FB0C6EE2785314BDFE81537B800B69F58F5F9FCD07C1CD14942638BA9BE0D3E2E9799F2541A29FDE95FF3AD982F85D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):18254
                                                                                                                                                                          Entropy (8bit):3.249364975869355
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:CXHt+JcNgOSiS4XsAYNpf2ESNLkEWmRsxNXrNXNsc5KmE6ZaxGu:2oONgOLPXsAYnWk6U5You
                                                                                                                                                                          MD5:55B4CCFB61063278E3AFB62CD52E90F2
                                                                                                                                                                          SHA1:AE23530272B04155E104AE93080B3D56C681FE22
                                                                                                                                                                          SHA-256:6D7E84DBE1A19AA1EBADD92D04EC0DEC54CDD2345811F21AAF064150FBA02068
                                                                                                                                                                          SHA-512:5BAA1AA60A1314B10444F49B58A50F163DF1B1C2F8E0D7B9975D344C88A4B45FFC01305D99BE038ED988805F34CA6907A148E8A053F6E0CBBD32A29CC08FB498
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4403
                                                                                                                                                                          Entropy (8bit):7.920463421474872
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:CSDbRvuYLph6gAY+EHysr4gUqql+90tOU47tLTnkWoZl2u6:CSDlvuYL34EHWZqqlC0H4RXR
                                                                                                                                                                          MD5:B793F082CCFFD2B848D6DD1463315628
                                                                                                                                                                          SHA1:6F2AF015E0CE8227C51F81190F85928E81DDF904
                                                                                                                                                                          SHA-256:53449240A488DC721E154C880A64E8A79F86286DB406120F24D252CFB3E8B061
                                                                                                                                                                          SHA-512:357FE9D636E719E63B8A45920017DCC1D8B31B9AC7E7C6AB2D54B19DCED1FE61E7433FE7E769CD55CFADBA1761B59B86610CB98DE10EE908D34AA66993F321C0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):396
                                                                                                                                                                          Entropy (8bit):7.096895732454424
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:6v/lhPkR/C+j5oDqqbfhYAT79D9p2CjDukhe/z+n4FTS2hMWzvct48pjJup:6v/78/X2D7GAFhpx/q7+KS2yu8pm
                                                                                                                                                                          MD5:2711B13307455661EE0E114CB96550E3
                                                                                                                                                                          SHA1:4C2FD840B5446D36CD1D5F9941E8B141D8D01D83
                                                                                                                                                                          SHA-256:902D2F981164EA4DA638B57BC0DC598A458DACD6D32B09A28AACDE9FC0CBDCCB
                                                                                                                                                                          SHA-512:49EB9228411D4B1A823BA571CBD5525C20C9A9CD17AE95796ABF86A2D41BCB596B33A526AE730CAAA640AF6F0A1C8D0B4227E5924FB98C63D88FB03C74FA4860
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6926
                                                                                                                                                                          Entropy (8bit):7.906745244520129
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:lh/Jk/aHBL27rxHGMr5kNDa9EGG4glnHb31RPxB8TWl:Huecsc5kNO9EGG4glnTT8Y
                                                                                                                                                                          MD5:3AF6FE22820F9627937BE331D93AC67F
                                                                                                                                                                          SHA1:C6E1A0DA0E5DC518C472DA612C4B9A2822F36162
                                                                                                                                                                          SHA-256:096719062DDD704A2E998D1B8226B15B79431CE9FFC7BE585F013B729B168B62
                                                                                                                                                                          SHA-512:D4CFB9E76C16ADDBDB0693661CE7B2765995FB4028D4E4D28096BC68FCAAB51FF73BE50AADF9F7DFCA8325EB8D9A4C2FEDF60090664B8A67D925F2EBF75159E7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):18952
                                                                                                                                                                          Entropy (8bit):3.213309466112537
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTOuWvkiQrrBVrYNGQpGfNXrNXVhsc5MtP:bSDS0tKg9E05TykiX85w
                                                                                                                                                                          MD5:C9F43D99452142EFD4C56810147A1AF8
                                                                                                                                                                          SHA1:77FF99272DA4B2A280727E1E1DE7235729924A16
                                                                                                                                                                          SHA-256:FFBE717ADFAF0509471AD9C4EC08E6E3896AF5381BEA7C0FD7E0AC75BA88EBDF
                                                                                                                                                                          SHA-512:347495EA2D6D6439E174B6ABEBD315B0E3B0728D2FA56A2AFB952FC64144D85EAEEC993E0F1760A0DD0950AD5CBA2C34D96D42661E89A22AA41ADBEA47073844
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):18737
                                                                                                                                                                          Entropy (8bit):3.212188501541689
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTKkEWmmUxNXrNXNsc5MrxM:bSDS0tKg9E05TKk6l5OxM
                                                                                                                                                                          MD5:94F9CE6CD8A814B9E860BE20E21CD53B
                                                                                                                                                                          SHA1:670A39DD13E1788140BA2B457A497B32E59ACF9A
                                                                                                                                                                          SHA-256:0DF5DD498B0860945EB94B3C56CF77D9E6CC6CC16AF1B5AAD2B7FD23CBF9A38A
                                                                                                                                                                          SHA-512:F96D19541A7405FA3B1BB7B6883CDC704777BE5224F3556E3236F60FAF7E0234C3916CF6BC45FE0C3353BAD66DF6BB254B349AD96FB3BFFFCDDB020CD5D28E3E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):18737
                                                                                                                                                                          Entropy (8bit):3.2844151735912424
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTKkEWmgCxNXrNXNsc5MCrdL:bSDS0tKg9E05TKk6x5R
                                                                                                                                                                          MD5:0E24DBB269909FB843B94057283D62C3
                                                                                                                                                                          SHA1:1876120A624E3A7EF745C9EB0E05B5E47FBBE657
                                                                                                                                                                          SHA-256:0952BFC78774D1ABF4729092EFDF61B96FDA8BA06F47E0A95A7347A5A41BF0C1
                                                                                                                                                                          SHA-512:0E4F02B8C05BB2BA7E6924025A2222EE3583BA60DEF3FF48AF3A46669E5ED396CC5F7A90B9858B7CE0DB5C7E3FE7B50D6C9877F1F8DDE2DE7C2D8A6AE72B2205
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2550
                                                                                                                                                                          Entropy (8bit):7.8899391400943575
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:BoGKJ/hc4hc4h2ONKo7B4LZipPAzrSZYRyKU1I13/HzpSCn7D1WSVhc4hc7q:/KtnnHNKUuUpWrmvKYIBDZnr
                                                                                                                                                                          MD5:F951E48723CFEAA15FE3DE133FB26341
                                                                                                                                                                          SHA1:F473816B883AE2649DCD4F1E9CD715D7BA7F9317
                                                                                                                                                                          SHA-256:43138FE66C86A431507D256E85F834012899493C067A9ADCDB2FAB6DA11B81B2
                                                                                                                                                                          SHA-512:BDA1E0A3EA18DC63E2D0B90BA21F966F47A46F7E5AB8E4A37D9464F16B2DF1D3E8636663892886E6632EB819B9DAA0ED9591EC1E246F36B5E49773B40F5E0BBC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):224
                                                                                                                                                                          Entropy (8bit):6.3996615625377125
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:yionv//thPl9vt3lUkC9/gnbBnq6iW2KrDkMQuwRn2zdqhDnOur9dwsiAJjnRQw3:6v/lhPUCnFq0P62xqZnNH0G1QqLp
                                                                                                                                                                          MD5:AC370205FBECDF515D209C1840F11F73
                                                                                                                                                                          SHA1:7E5C86F49AAC87EEAA85AC0C3DBD278FBC7C9B80
                                                                                                                                                                          SHA-256:69417361260FE0333D180D084AB0A6F6DDD81448B144CB7272CFE5D3C91FCCEA
                                                                                                                                                                          SHA-512:37179F6F8C40529C9CA95AC04E0B6C0137A84CCFD15221B27836F8C3104E889C0D96196B303611D515CA59FF0C6BFA76D3BDC4C277C2F4AF84A52F35850B6C54
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (58562), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):190892
                                                                                                                                                                          Entropy (8bit):5.461382761031215
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:p/5QRNFb4/WDMihc/h5Nyh0lCOpIS/xYy:7Qt4/7ihcHNyhICdAxYy
                                                                                                                                                                          MD5:9EA07929A32E1836D80A22D6531CCC0E
                                                                                                                                                                          SHA1:115683E3EEF1E6D22BC89B995813C1727E00BB0E
                                                                                                                                                                          SHA-256:13FF154B83F4AA79A86A43CB84EB5D10F86E741286F0E6D6C6E861646A41F4F5
                                                                                                                                                                          SHA-512:A6DB975DE826C191E61C2C93CE217BA3B4D15EFFDD6758E1A5B06B8154E4DE3EEDD63CEF206B03896A755E33D364B39776DD59D729DEA229DCCEA65F9B23F963
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 1260 x 293, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):39155
                                                                                                                                                                          Entropy (8bit):7.8985187905985486
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:c3+SnZXFurjYW0X0RJ/Dd18i72A/qcQ6Nj2CG+CiTZ2co4IXnmDt:DSnZXFuPSX0f837cQnCG+3WZXmx
                                                                                                                                                                          MD5:E161E2045A32E4513E81954B1D83B953
                                                                                                                                                                          SHA1:0A06306203C286B8C342CFD856C1EE3F16728C7E
                                                                                                                                                                          SHA-256:7A344D69BC6657592E6041F0ED4F53F56ABA90B97EBD94559198B1D059DC7F64
                                                                                                                                                                          SHA-512:7C7E5C2D2A0DF749BB4B52F2E8042829AE8ADD4F242674E13C14FEC436E56D7B173318D8408DD5A33462D38BC1FD2AD932B2060994B5A0C46F4B4BA89922437F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 1260 x 293, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):39155
                                                                                                                                                                          Entropy (8bit):7.8985187905985486
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:c3+SnZXFurjYW0X0RJ/Dd18i72A/qcQ6Nj2CG+CiTZ2co4IXnmDt:DSnZXFuPSX0f837cQnCG+3WZXmx
                                                                                                                                                                          MD5:E161E2045A32E4513E81954B1D83B953
                                                                                                                                                                          SHA1:0A06306203C286B8C342CFD856C1EE3F16728C7E
                                                                                                                                                                          SHA-256:7A344D69BC6657592E6041F0ED4F53F56ABA90B97EBD94559198B1D059DC7F64
                                                                                                                                                                          SHA-512:7C7E5C2D2A0DF749BB4B52F2E8042829AE8ADD4F242674E13C14FEC436E56D7B173318D8408DD5A33462D38BC1FD2AD932B2060994B5A0C46F4B4BA89922437F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 375 x 180, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):23972
                                                                                                                                                                          Entropy (8bit):7.983082688064765
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:OQCmhN3Hqqm87sSOvS8PJKCqedNV7TMzNjdpNQsjtHnUSQkBmSfYuoq9Dgt:dCmr3KqmIdO68MAnnWNjdpBSSQVfWDgt
                                                                                                                                                                          MD5:64C4757048F068394817EE126FDBA8A6
                                                                                                                                                                          SHA1:3610DC2EB5E3C09809E94BD0694A06C7A51580FF
                                                                                                                                                                          SHA-256:A9FEC8F56726ECA81D0600220A6B168FFF112A5283741FD5EC63509AEDBB51D5
                                                                                                                                                                          SHA-512:373EE45E16D231B2FF8A897A357A52A58B63430E0BCF728867879F2E10E55C631589D6F63C1675E2E40EB1EF7CEB59B15DF18013EA0F3FA352A3B36296F14DAB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):31956
                                                                                                                                                                          Entropy (8bit):7.967312102996992
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:SMb0BxAOosmuIhy5rHj8y94w1wsX/HEYdimgcOI4HUmpYoxDpAz5aOEPgqa:SU0Us4hs4OxP3OI40mpgUdPgt
                                                                                                                                                                          MD5:706F95954835DF840CE249D22091D443
                                                                                                                                                                          SHA1:4A1B41DA2C08BE1BA49BD65AB9DD8E0D6172E2EF
                                                                                                                                                                          SHA-256:733AB5A52C3D26389507F5F9712697965928BB8348DAC6710618B9FC5DDFB746
                                                                                                                                                                          SHA-512:E26E647BC078EC67B90682A8BF893BBF97D4C21E042F9B7427848FCBA57F841E548E90B833D004C0DE2320057852661729CF2C6D0F6F4191856552BCB2AF027E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):10992
                                                                                                                                                                          Entropy (8bit):7.948238862219597
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:SFpJ5ussRVVhT0kUmuW7WiOIaXbPmmiq+Z1g5EZtRZsqEE6KwbyiDx:SfJMVvSmu4/6XbPmq+Zl6KtiDx
                                                                                                                                                                          MD5:A0775C337FB0764061BE3A438C64DFF0
                                                                                                                                                                          SHA1:D90FA7ABB02BE26DB1F0A3B044D3CA54C72A8A90
                                                                                                                                                                          SHA-256:0A7A540A7801C30015973009DA479CE8B825AA0D288F4630CC1A63D0904FDA46
                                                                                                                                                                          SHA-512:A2755427546AD7C7B8C57A1D96D944CFA390FF3187832733C941351837D0D635BF2BDA8B1D47976D524E9F94EF5596EBF707AD82E27A185D63F2CDC4045ABB32
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):19992
                                                                                                                                                                          Entropy (8bit):7.9607972204301145
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:S3Nr4OYTdgo7epTqMscOSUF8FE7nwoyKOblV2GBzJw5EKYYty:S3NuTdg+5LF8+nwrKFGBzJw5lYl
                                                                                                                                                                          MD5:FD316FEECAED23F63846331CE8CA81A8
                                                                                                                                                                          SHA1:9ED377DCDADDB9700824297D8D91793DB10996FD
                                                                                                                                                                          SHA-256:8D32894F10003936FDFEB8042A445CDA14927B355D7AEDA346E4FF1A75C007C4
                                                                                                                                                                          SHA-512:3A21ACD5B6DBEE0955A79889FA52DF7173D3DF72E3E380D21550127EEF6AF851C1C05828CA1B83D8F9F52A97F00AB9C645DB149B51C34F55D0EB3E6A2F9FA3C7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:modified
                                                                                                                                                                          Size (bytes):10927
                                                                                                                                                                          Entropy (8bit):7.946829888386861
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:SD6C7NqzMKEatbP5IyWvupc49j9UmlqBst2hM+jysKqGf9c4hu:SD62Gptj5Zh9UGqqd+msyFju
                                                                                                                                                                          MD5:45FAC8B08C01625282DAA171761990D0
                                                                                                                                                                          SHA1:C04BBE9B300185CD2FD3CDAE4DE2BA688591198B
                                                                                                                                                                          SHA-256:3932BD124A22F2933C6032673B5A0122A7E62468F5AAA33D6FC92BC37ECBAFDC
                                                                                                                                                                          SHA-512:6EE636B8E54F309BB0CED01318653A024F070374AD9C7FCBC10790F9A71C4DBD7B4DADFD7FB172EAD606FEC2A3C7F517A2A9A9161FEE2BD1F7F6A5AF10C537DD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):13158
                                                                                                                                                                          Entropy (8bit):7.966807537692297
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:SXco9K03taSsQ1sWaYZGDABivZG30SdPTT:SXco93aSs+GJkovZdSdP3
                                                                                                                                                                          MD5:436A5EF8A5DCA35F95835DE2D2129A58
                                                                                                                                                                          SHA1:6475C5349432878720F8F60FE8AB15FDA7535045
                                                                                                                                                                          SHA-256:FD6EDD3D52BBC37FA00EFA4BC47B040D3A6452E86F9D414FCCC2520B7060DC23
                                                                                                                                                                          SHA-512:2C5F885C2BF702350CC970BDDC7EA49CD6F7AF3A0C66D78272B48B2A6FD41396B4ED090E909A01ADB88746B7DABE856367F3FCC0A60116E8393F2A683B083221
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (58562), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):190892
                                                                                                                                                                          Entropy (8bit):5.461437415030825
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:p/RQRNFb4/WDMihc/h5Nyh0lCOpIS/xYy:HQt4/7ihcHNyhICdAxYy
                                                                                                                                                                          MD5:F07958BD3236963EC5B7A1EE19523772
                                                                                                                                                                          SHA1:7AD1577AD4F212DC1245DAABE852BC5B8C78E7D0
                                                                                                                                                                          SHA-256:979E1644FC5D23372E77ADFC97C7BCA6E47A598E1E0E5FB262AE8BCF1F69DAFB
                                                                                                                                                                          SHA-512:47FC766214F058FDD9E97C8F97144B9D0CF4C576E72CBED291A379CCFF4AFD041E55FD5EEA9E312FFE53F1B36BC9C4AF4435685EC0775308A0EF36D5F3659DC4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<!DOCTYPE html>..<html lang="en-us" dir="ltr" >..<head data-info="f:msnallexpusers,prg-sp-liveapi,prg-tat-msnvserp-t,1s-msntovserp,prg-bd-top-f2,prg-sh-bd-df2,views-river-wpo-1,1s-wpo-views,prg-river-wpo,prg-c-visser,sh-npllmcw,prg-sh-ntpigspsd,prg-1sw-sa-trainpost1,prg-1sw-sa-distillation3-c,prg-cg-p1cf,prg-1sw-p1dynasize,1s-eaop1,prg-sh-badgewc-c,prg-fin-chl2,prg-fin-l2tnewsc,prg-fin-cdicon,btrecenus,iframeflex,prg-adspeek,1s-winauthservice,1s-ntf-hisent3,prg-1sw-blkbknhi,prg-1sw-samhibrnt2,prg-pr2-blkbknhi,cg-nat-ad-land-ctr,flight0417_4,btie-aimclickbait-c2,routentpring0t,1s-fcrypt,prg-cookiesync,1s-shp-xp-ecrfrich,prg-sh-ecrfrich,1s-ntf1-fyrvc2,prg-1sw-sa-fyrvt1,prg-ctr-pnpc,1s-wpo-pr2-hdcapu,prg-pr2-ltpacer,prg-upsaip-w1-t,prg-upsaip-r-t,prg-ctrlvidbuf,1s-rpssecautht,prg-1sw-p1wtrclm,jj_fac_c,prg-pr2-bdgendpt-t,prg-pr2-bdgendpt,prg-pr2-saupsellc2,prg-ad-article-hc,prg-health-cfstaging,prg-cashback-odm,1s-promotion-cod,prg-1cashback-odm,prg-1sw-cbcacheshort,1s-wpo-pr1-cnop,prg-1sw
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):562
                                                                                                                                                                          Entropy (8bit):7.382724611442315
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:6v/78/gQT+n4X8NcZvd0rw2GzCFz2xw750pu6pLXh200:J+M8OZvWrw/WExA50pu6N10
                                                                                                                                                                          MD5:CC46CF2DDAB2AEF0E8992B27E187E14B
                                                                                                                                                                          SHA1:9B2D26A6F60E228EFB0F780AF55A59C1E11EEDB6
                                                                                                                                                                          SHA-256:717491CF887100ED2C330F0CB5DD7E8A71A250E0563368C305B54A159778CCCA
                                                                                                                                                                          SHA-512:8AA0545B409DE7D03738926F862C3C4E91827691B42CACE82E735186D6FFDE6CC33F7F9FCDD729ED279071FC18238F3D75A06E2C41F247400408B4FC61DA4356
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2013
                                                                                                                                                                          Entropy (8bit):7.81099098044133
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:qcPmqB8c1a5ShKNuK/z3amAq5zGQy7EFUQ9:J178ohKNuK/zLwQ9WQ9
                                                                                                                                                                          MD5:1F3C2A6537F6260FE81A7CBFF4BC431C
                                                                                                                                                                          SHA1:E779F157168D274F1FAB870C85349C9A9F9466CA
                                                                                                                                                                          SHA-256:31D6A3E91B525A985991C7B179331B814C77B54193D22E594B09018FD7AA5637
                                                                                                                                                                          SHA-512:A3004D5701D6E88D35B5F946A26D0C893D681E9F8651C7E0F0996CA85048685C37197BE975C8E9AF3825F77A5582ECEB246687851EA221837770A8DF257DE599
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):18737
                                                                                                                                                                          Entropy (8bit):3.2627728137161602
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTKkEWmHjxNXrNXNsc5MVNkvBs6c3:bSDS0tKg9E05TKk615UNa7G
                                                                                                                                                                          MD5:030939BCC37975289457F6A19A301A35
                                                                                                                                                                          SHA1:89D55A45787FE9DD547BE9CD1D97C9A8F641E338
                                                                                                                                                                          SHA-256:D5D6DF229AC67CDE4B39D275955E4A279BBD7F922855D10B44F5701E6AA3CC64
                                                                                                                                                                          SHA-512:21973881EF4C8EE777A1EA5570418439DB32EEF3B83B1FE468749B5C7669B82B19DF6568531C0155ABA929A2928E88DCDB654E1DE8F3966228C279E91C120E9E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):18737
                                                                                                                                                                          Entropy (8bit):3.2062466761310993
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTKkEWmIKJHxNXrNXNsc5MVNzhpA:bSDS0tKg9E05TKk6L5gpA
                                                                                                                                                                          MD5:23961A289D57B15CE78E725C8DB95124
                                                                                                                                                                          SHA1:AD22B0DF2C88DCF74C75618042809EC228660100
                                                                                                                                                                          SHA-256:0B428DC30D2F11B851BB4790799644079FD5102F760496BCEE1DDD5447B3233E
                                                                                                                                                                          SHA-512:D90984851193DA69AEF3FFA6F5F2710D230533205A190619A47F006EE9D6CE92085B0E04C23BED04269057B3620B3CA732679A1EE4F1134B6C60C7498672CC53
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1622
                                                                                                                                                                          Entropy (8bit):7.2063127622287535
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:U1hfvWwjx82lY2T3JVdpz4lpzayJ3VrpzB/pzfGtok3xWZezJLNKhhNXoYcrpbeT:aANn2NlzuzhJ3rzbzfPIxV5kh94eZfx/
                                                                                                                                                                          MD5:7B1B36B2F81E70D9C22B34EA45D2579D
                                                                                                                                                                          SHA1:E10ACB0952A31731F38D34AF1C02CD121784057B
                                                                                                                                                                          SHA-256:A73D67096CCF12F95814A2D275D992A00DA57A4A5406A76BA09A453A8B42338E
                                                                                                                                                                          SHA-512:CD23B852289F89729FB61FAE185E8CA26E86AAF128898FDD339EF6AF1AAD77A2D8EEEAA4B93C8A9687DBA73242A799601E6D2AD0C89E66C5C3F96ACFDAE42231
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5238
                                                                                                                                                                          Entropy (8bit):5.318420332432278
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:rJecBCn4C5KZcDgWIsRHACuLZ8Z4D3g0W:rJeyfd6ghspAxZ8S3o
                                                                                                                                                                          MD5:866D8D7DA9A7EA6756057F9B69A2DCEA
                                                                                                                                                                          SHA1:4FE3B601155532FC73BDA51D3732BA5A5B2DA974
                                                                                                                                                                          SHA-256:9167A7B5EB917356C4175B496CC48481324ED9FD854DE91F6D0C0AEC216A08DB
                                                                                                                                                                          SHA-512:5891634061470DC18F0D82647E6B35A7CBB01BEC1A71BA178D270208DD8E6681390DFD09792915C1114B34ED7C1DA40F7FD0B7FACFA484E814E8465C9F7473FA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"$type":"list","title":"","_isPublishingLocked":false,"_id":"BBI4MeJ","_name":"MGXStoreWebPromo (old Backfill list - DO NOT DELETE)","_sourceMetering":{"isMetered":false},"_lastEditedDateTime":"2024-03-15T20:00:27Z","_links":{"self":[{"href":"cms/api/amp/list/BBI4MeJ"}],"parent":[{"href":"cms/api/amp/section/BBREXz4"}],"children":[],"feed":[],"provider":[],"references":[{"href":"cms/api/amp/image/AA10QAZe"},{"href":"cms/api/amp/image/BB1hDfA0"},{"href":"cms/api/amp/image/AA19yQae"},{"href":"cms/api/amp/image/AA1md5qf"},{"href":"cms/api/amp/image/AA16OGZj"},{"href":"cms/api/amp/image/AA1e8Efj"}],"section":[]},"tagEvaluationGroups":{"_tagsHash":"3145739","tags":[],"vectors":[]},"_locale":"en-us","sourceId":"BBlbsHE","keywords":[],"facets":[],"labels":{"category":[]},"list":[{"link":{"href":"https://www.lendingtree.com/?splitterid=home-equity&cproduct=homeequity&cchannel=content&csource=tradingdesk&esourceid=6475206&mtaid=2D09E&rcode=10000&s2=borrowhomerate_snowflag&ctype=sponsored30&cme
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):125250
                                                                                                                                                                          Entropy (8bit):5.366459254148267
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:QY0mqjfSB5TUVJTwzIYo4c/tJX+QiKCWczYxreKan5CPO4a8+DHAizsjqLZ7Ea7l:Ata5T+0K4KaQiNuF24AdsWLZ/7l
                                                                                                                                                                          MD5:4851F99F7147D56FB954D81055CA2D3D
                                                                                                                                                                          SHA1:8D7982E0B6329C0460F0EE61CCA0151181326F2B
                                                                                                                                                                          SHA-256:97711CF6D03D55D6DFA7BA68473B2D0D3C64C963463100F87F6792A4D0D080C1
                                                                                                                                                                          SHA-512:21F2B58E5FAAF45A80D5E472901A430F3FE49286694991E303939D1280716885F4A31C422411843B02A9CE9F409A8042E0A39320A4CAF0FF1F114870D581F7E8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 7 x 13, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):197
                                                                                                                                                                          Entropy (8bit):5.986656121330302
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:yionv//thPlyyta2/uDlhlp8Lts7CX9/2yx24lSXqU3hjg/BFCb0cCHxlbVdMaW9:6v/lhP1b/6TsR/R0Zjgz89CXVdMndp
                                                                                                                                                                          MD5:34760615AB0C180EB4B48739297FD0F2
                                                                                                                                                                          SHA1:789438D09CC27A08879B1A9686C82527270E7C24
                                                                                                                                                                          SHA-256:360C33D59E7358579601909D4CE91F1BCABF9E07BEB8F69D50C226D7D8F91260
                                                                                                                                                                          SHA-512:1CE7E574D45D123C6B52119907E74D71B842F1CC380D79AEF876FDBC9FDB663F385BB4191650813D2E66EFE24265FD36EC944AF95F372C0413EDCF11361CA666
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 1633 x 708, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):27928
                                                                                                                                                                          Entropy (8bit):7.701164569435742
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:xSufGKAfaoovahBv4apFM4lvzDpqFosGd+Up9FIK0B:jfUMve54E//fCiIK0B
                                                                                                                                                                          MD5:862D29153222B9B15C3C73B61B930335
                                                                                                                                                                          SHA1:391BEBF4BA8910B718C5516491EB1C7D32D4C187
                                                                                                                                                                          SHA-256:3EC8FA41DCE2684102F4A7B2D993388809CC2F6AE0616807CA9E3D94E6D19AC2
                                                                                                                                                                          SHA-512:6FFCB08DE27DFA571C8EF35E7F017F2871482581308C10CF38EFF9A507D02325222B899D667FC86227C2985ACA05F17C1CD33EF4163BE3442F70F8907BD78404
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):80085
                                                                                                                                                                          Entropy (8bit):5.354394000717375
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:eSLqoE0noEr75qKG462ohV5xngCxCLaLVpFhhheZ82+vF+X15CpfqwoLHQ7va4fl:eu2umvXpfqwoLHQtRKB9A
                                                                                                                                                                          MD5:B7153E7A793C3788D5E5E1E8D8434024
                                                                                                                                                                          SHA1:F1F0CD8EFD5E37F6FC25C7E9452799D136E38111
                                                                                                                                                                          SHA-256:520FAE4B80C28116A0AE712233BF2828CD7126F089B0230D565A1D409A0E3A21
                                                                                                                                                                          SHA-512:0AED2D78A275F1651BBE84F3FB0EAF59CFA365FB868C9D48E714863A3FF559F85960B700EAD0CD15639C9FC47510E8F024DA15E4C5C2896E6CCD166410C90300
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"nextPageUrl":"https://api.msn.com:443/msn/Feed/me?$top=32&delta=True&session=a28806a5-3007-46e5-b4bd-5aa00ebe345c&$filter=_t eq 'CompositeCard'&contentType=article,video,slideshow,link,content360&infopaneCount=24&queryType=myfeed&location=47.7159|-122.204&ocid=msndl&apikey=Io4orNtwRr08vQQBER8stWzJbGltMJzMwkmiMOv9z3&activityId=7FF05383-E874-420B-A4A9-263700520B95&responseSchema=cardview&cm=en-us&timeOut=1000&WrapOData=false&DisableTypeSerialization=true","subCards":[{"type":"infopane","subCards":[{"id":"BB1k3mHQ","type":"article","title":"Putin extends one man-rule in Russia after stage-managed election devoid of credible opposition","abstract":"President Vladimir Putin is set to tighten his grip on the country he has ruled since the turn of the century, with early results from Russia.s stage-managed election indicating a predictably large victory for the Kremlin leader in a result that was a foregone conclusion.","readTimeMin":6,"url":"https://www.cnn.com/2024/03/17/europe/putin-wi
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):27071
                                                                                                                                                                          Entropy (8bit):7.968964130411443
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:S5wVkxI8sF0CM0uVNyjKx26Sar7GcsyqLLCqM+:S5wVkxI8qMB2K26Sar7VsyXt+
                                                                                                                                                                          MD5:F9084B1F2819783DEA4F7F3FD1205439
                                                                                                                                                                          SHA1:826FF0C459DA30124C1EAE054E7935974B97BA63
                                                                                                                                                                          SHA-256:CA79264F611A35388309A96CACB1C9654AE45DA6E6DA092F2324C4C7A8B2A5C4
                                                                                                                                                                          SHA-512:25C229DF827E2947C3DA9587E2406131714F90C4A2E5586AAA93BD997AEF2B084EAFE80AF87F7D81A7405A28FA7BC969AFBF4990E80BEF2E0021FBB679EA0802
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):23254
                                                                                                                                                                          Entropy (8bit):7.96601438700204
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:SS1q9N4Ok2UDwLb7/hnzIrLdu2d8oN+janMH4UFj930EvI2L/eGOPjZYUc:SScNXPzIsz2TU5930axL/nYo
                                                                                                                                                                          MD5:CF0ED08C315D53804A12D5563EBAE2E9
                                                                                                                                                                          SHA1:3B656EEA28BF489296C0172080E7A1B1BE57558A
                                                                                                                                                                          SHA-256:62084D6DBF715214233CC0EEA160AC315137FAE25B1E859CFC0FAC13D6929FFB
                                                                                                                                                                          SHA-512:6B5C6FCCA10D11D9EA943488064F07F32607F425B654EA237C1F70C019F9522B3A932EA4208A07C68BCF5AE80667792CA3381C61EB7448D521B15735CBFE1A99
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):10552
                                                                                                                                                                          Entropy (8bit):7.923186187560304
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:SYQ/mL+r3dR7HsNc8rLPTH3LSKKftJ3DuQ7X3o/7eeem6lN57b:SnKWd8PTH3W3aQ7o/7eeeBN5P
                                                                                                                                                                          MD5:603ECCC58050D811B3BAA5F74C0C2DFC
                                                                                                                                                                          SHA1:C85147A91C4006B06B46786F292852C9ACE5037E
                                                                                                                                                                          SHA-256:CDF5D6A01597219FD6753D5D0F877A263A3201950095717D40392A4FCB94E296
                                                                                                                                                                          SHA-512:CE9116B73E6C8A2E6AA8CE1E4EC8CB0A8890BBD38E96625B5C83967010EE191B2239A92801A2507A45D1D5B0752C2850836A981321F4B1BAB691EFC6BBE903DA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):20391
                                                                                                                                                                          Entropy (8bit):7.966006706751704
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:SrW1QRQix8Kym+clqk3S1sWXzRfctSemqUBivWC8lRGJ21P:SY5KBlqk3cV1fUmDBHXkoP
                                                                                                                                                                          MD5:39D3ABB6CF93E77837240E9E80FAA8F1
                                                                                                                                                                          SHA1:F28260C8B9FA92F5F5900E6BEF50507A0945BB30
                                                                                                                                                                          SHA-256:1EE1A03352FFFE90AB808DF5D9BCBDE83378DFDEEDEB761D23020FD18D866AFC
                                                                                                                                                                          SHA-512:A5464778D0FED87F9055E18A81B3453E29E9244416BE123F89E0FB5EAF174A76416B23C9F139DE4A1ABE1F59000415D8FB8723AB5A1545F5EC98899A2B6E7292
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):11848
                                                                                                                                                                          Entropy (8bit):7.9611950604552835
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:SF0iTzZ71OJJr2PxitbI3Pp8NjemBc7bP3BR/cUZCfezRVTkPGzDta6X3v4BuS:SF0eA2PE83PpiBmPTZCfezRVICnXf4BD
                                                                                                                                                                          MD5:83E681435AC8C7293A550BAE75372F7C
                                                                                                                                                                          SHA1:AF62F3A28F2429A3A9846DAAF3E73A51DAFBFABB
                                                                                                                                                                          SHA-256:C36DE95EEE13BD10F93DD66027ACEDA704719A2F7F5FE3C2E2D99D7BB9632CD3
                                                                                                                                                                          SHA-512:92C11ABBB077F0D4B9E5457109FA4F0EFAAFFD4054D7237751A4C527CB5EEB85BD1CFC40541CFF70A950D7584BDEEAA9F1ECCC9087408D36FBC28F1804A2E453
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):25184
                                                                                                                                                                          Entropy (8bit):7.952752854312283
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:SlJNYD0tUkd72HZ2gK+0AbrH1/mkJLWej/a:S/W0tjY/KXApVJLru
                                                                                                                                                                          MD5:0DF9E656AE3B2C833CAB123BA2D03AFE
                                                                                                                                                                          SHA1:4142CF90DA51BB1CD9FD0845F8CE78E347C9CC86
                                                                                                                                                                          SHA-256:976A8CF45F42D4BDB350683FD5AD59794D01270D7EBE83042DA08A4AE4FFFC9E
                                                                                                                                                                          SHA-512:7D2FB24967383E28D13418623FCEAA6429EF1D6681587370DC0D6D3D0620569E61153D56A93322ADCAFBAA4DB99C42187CC9E3F51D92FD66436627B3F8D434E3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6588
                                                                                                                                                                          Entropy (8bit):7.918803141169136
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:SEVItlxwH+VF4hDIiraUDJ0JP1C+1Y2ghiD0gcp8EktTGhwFYRAjnk8luiC1hg:S6Itlm+4Ssa6YNi7Dp8EjRICg
                                                                                                                                                                          MD5:B80CC13D091B6930F04AA67CDC1DD890
                                                                                                                                                                          SHA1:FD8F0F6612590B5BBD49F096A7016F8652331940
                                                                                                                                                                          SHA-256:FDF5756DE9B5037FC16A89B05B1A2EFCA5258C4B6DF52C2EB6206401B8626E3A
                                                                                                                                                                          SHA-512:B6B292FECC9BD448AD78A05F8A04F933D7A14CE88B5DFBA9156FDD33A47517FADF8F7FF911E855C46EB8F2D459801EEF1B95FC229EE37FDD3E8EF83FE9B79611
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5538
                                                                                                                                                                          Entropy (8bit):7.84599731244865
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:SEMv8C3ROWlrOIedHrlm0sujsnVCQANd1ZY6paNNvI+3cHA0vwcoQ92:SzvznEJBjGVLAPHY6zAqPBoQw
                                                                                                                                                                          MD5:5CD7D4BF72B784BA88467C03365617D5
                                                                                                                                                                          SHA1:A03302E5E5BA4C3833E28CB8977BB6B376AD37B8
                                                                                                                                                                          SHA-256:9DC0CD91C702033E5C626C39FC0EF9631F3E2ED93417297116B5FCC299076A0B
                                                                                                                                                                          SHA-512:4E0FA887F6D42CFE663528C96FFCD58A34EAF6854FEFA4CA38D380F7122BD3AFD2A6D915E6850C57C48BF3F1D7C9446D8AEF25B6D8B8DA4CE8CB370628A971F0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):11796
                                                                                                                                                                          Entropy (8bit):7.952526012227326
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:STjD6zg6+JdtPiqaRjH+TO1H++r6rx1mZNMWhNBPTelqpR2LJMB6aS1joQpBl:SN6GQ+a1H++rCxMZNMgPcuR2LJMIaSN
                                                                                                                                                                          MD5:B3F1A1E0B55974C26B559C11C261DA60
                                                                                                                                                                          SHA1:FC8DFBBD69FFF64F6C74841543C3939154890BF8
                                                                                                                                                                          SHA-256:75CE49CEFD4C525F2C976B5C625F551301B7BAD4A7B2770A668AE4990A30A441
                                                                                                                                                                          SHA-512:FA6F4657AF71E5FE78D1CBB294B265E0D79C580E8BA18A6734900501A021D3AF787E7991CA7A7A50AED9013F956BEBC0BC412F3DA4C9869AF97888E9B184109F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):14391
                                                                                                                                                                          Entropy (8bit):7.948635692799031
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:SqPixVG6WwY3+oCAlb5fSiZ3ktzcalpzrgQS02J55Q83pL:SqP8Mlusld6iwJMQh2J55Q8t
                                                                                                                                                                          MD5:84E981E8A4BE627DBA3C8A2A3ADF9635
                                                                                                                                                                          SHA1:C0F054675469B62F80F219CAD99D019862A84A4B
                                                                                                                                                                          SHA-256:C16BB58B1EF7D3FDAD7B3C32C378904F8CB518BE1D4C136D0B50F5F55D1B6519
                                                                                                                                                                          SHA-512:4C920DAE574F4ED493A4441112AF489FD9D11BCB85349C86D095FA3D51E715F9BE0D6F1E4F2ED662798F3655459E4736CD6B0D012CC1FA28EB5A96F7A0B2DE53
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):15712
                                                                                                                                                                          Entropy (8bit):7.937633822610293
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:SLAgU0dsnhF577s8ge08sTydDtMpPwltG3L+am:SLA2aRL08VZoPwu7+am
                                                                                                                                                                          MD5:04B29BB4A417D987238D31DDC83D8DA3
                                                                                                                                                                          SHA1:659F9F2CE902CE7EFDC879B3F8B6B3615243A01C
                                                                                                                                                                          SHA-256:D2254AA8114B043780753F5CA12E40FA19EEA1EC16F1054B19E836752F0913F8
                                                                                                                                                                          SHA-512:1B9DC94189730F865FB6C687BBD404202CE5CD5BB79D9C90FFB5BF4AAEDE1B19DE2ADF9245025181D50717B9207BF3F36E29F3C4C278B1CF52231010D0A05F90
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 275x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                          Entropy (8bit):6.711996485767956
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FI9kc/1UGNCyluNqq0SPrZ7u56uRf9cgQ5j:FGdUZyluNq3aZ71Gf9cgQZ
                                                                                                                                                                          MD5:01FA4C58E0E73B9C80F6D7F5D82E0415
                                                                                                                                                                          SHA1:53493A2E6349B9D033AA529BE13292929AA4A083
                                                                                                                                                                          SHA-256:438FD5C271BE5FA32889D99A7F97280D764CA34A83E509C8BEECCCCD31BB76A6
                                                                                                                                                                          SHA-512:E2418BA0F9B7C1434E7E75013D305F8D5B99B9FE57BCD31B1CF084D32AA79813DB04EBCEE24DC70598A5AB093512A8E0A4E1B032BC36A556FE46B025EA66BD68
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3532
                                                                                                                                                                          Entropy (8bit):7.898834558255451
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:C/6rD86PqmSUC2jKD/YDIkYCsPC7eKckLHvis8aVyt51nl648svBInwA9NunIbQx:CSrXzC7jY7l+U/ckLPiaG79vQMXYRLu
                                                                                                                                                                          MD5:47D01EE8DA7EF964B63B713A8562EB5F
                                                                                                                                                                          SHA1:742B956BD1BFEC102353CBE7050A99B8046A1A50
                                                                                                                                                                          SHA-256:FCCB19F39DD8A2AB0B87B212A020B5B61CCC954505DC8DF3799D9779382F0E4F
                                                                                                                                                                          SHA-512:BDBB9A109E4E39B885A40F91A5E2183443036B4B84B014F6A857645FA622DCA3A59C3B5B4BE100174E609216E795D5E01E4F04FD83BE490648571AF8358589F0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 300 x 157, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):68226
                                                                                                                                                                          Entropy (8bit):4.959739580335679
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:7inNt2J9v3/sNjhiVb2f1EdPBq2y+Ce7x6GrheHNBnh:uzesNtiVbS1EeKXlP9i
                                                                                                                                                                          MD5:D758A4D3C931CAD8EF0B73C7D69AF611
                                                                                                                                                                          SHA1:3A6BB6F8970AEEA8B5083DACDD6821D33C30F28F
                                                                                                                                                                          SHA-256:E8D0BEA18834B33660AEE69D84FA9D81C90F14A81A2DE0A9FFDDF4B863BF0B75
                                                                                                                                                                          SHA-512:B2548804638C76EA28F6FB7F7667F014E4E7D44C3735F6096A85EA9AA9CDFCAA27F4C5EFF2AB8FCEF20EC150BE2F3276AADF2DEF798A747AB4B0FB6C7A1C0C20
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6630
                                                                                                                                                                          Entropy (8bit):7.9537236099118696
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:CSWvHqMVv13qmraixCBnHaL50czYc54Jr7LLcz:dCqq9qmaixQnHaL5z0mer7LLi
                                                                                                                                                                          MD5:93011BFCE422DA1B687766D7F67784DB
                                                                                                                                                                          SHA1:220256C98AE1A8D73690B9A62A7AE908781F71FE
                                                                                                                                                                          SHA-256:D3412A156F0B424627402E8554C564A1843A0B47A81D7C6703A320EB230B6FC3
                                                                                                                                                                          SHA-512:E51C4F9CE5EDB31DF0AD66D3453057D06498606DC3E8C8FE1DD57730CE8EB591D0B1338CA981024602D704B7C25D4C4B638D5DD6B8DB54C1795AB7695E4CA294
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2866
                                                                                                                                                                          Entropy (8bit):7.823298649864203
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:KNo7FTMJI7f/cvDb427U3/5JaALY8z9CBfmRtHBGaXudrqKbbe4zEOg1YY/puiZn:Ko7FbaH4J590Q9CBOHhGaXudrqKHe4zA
                                                                                                                                                                          MD5:495600D29BFD03E8DD412FF39F5B2726
                                                                                                                                                                          SHA1:705620FC4C594D3E88CA4B5ECBC663616BA1F9BD
                                                                                                                                                                          SHA-256:98DA4334131852FE3FC727AE28FEECE55016295F5EBBD5970A0B4398400792AC
                                                                                                                                                                          SHA-512:3A30378EEB5B465656AC587DF43681C2C71A619CC591F698EED2A8703A541C4DA3FFEA71E122DAD4ACFD766EC2CCEDA9B533E3438CCBDD5622A186EA162ED7ED
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:PNG image data, 96 x 96, 8-bit grayscale, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1113
                                                                                                                                                                          Entropy (8bit):7.727456978400816
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:6CdYQBAcBrSJs9tION6Gvx8nwpIZ/YCq46Ru3Nqm1NL4nz:6cYQBnPtLnx8wY6uJ54nz
                                                                                                                                                                          MD5:AF5A688C4ACBA6C2E57518F2A93A36EB
                                                                                                                                                                          SHA1:0FA67A1240915DBC819962263F2EFCC4380AB4B9
                                                                                                                                                                          SHA-256:F5B1B30384C129ED683EC4B26BDC18D8EA02B58155B816CC1B646ABACFF06E53
                                                                                                                                                                          SHA-512:4B17038A0CD1CC6491FBC9F13B090E64D0B99BF55CFF69CDD85BE73E9784CC55CCEF7EF39E1BCF6660AAC6763B98D1FD6F840462C0E85D857F9CF97DCDBB6204
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (58744), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):190710
                                                                                                                                                                          Entropy (8bit):5.459713000724236
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:p/EwRNFb4/WDMihc/h5Nyh0lCOpIS/xYy:qwt4/7ihcHNyhICdAxYy
                                                                                                                                                                          MD5:491104C2A8DD96D748CE8FCFC56B901B
                                                                                                                                                                          SHA1:91D4E71BDB0BED5AC75A00FE501074C28F4F0177
                                                                                                                                                                          SHA-256:793C49AACF341BA2C16701138A0A02019112E4594DD0998E21F2225F051C3BEB
                                                                                                                                                                          SHA-512:8D6263AFE101054A478F99B5123A10365D9901CF6709A4B555A069C2A0E14226D559BFC111F77779BFE11BA28C896284085B9FB98A4C297B3FA360BECDC730F4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):285989
                                                                                                                                                                          Entropy (8bit):5.423856930260713
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:6I1jRk43G0L5LqGMJZyjZVOSmo3/qziV76+2rGK8yhxlFQ/uMB+X1sSU:6toPeiV2brGxuMHb
                                                                                                                                                                          MD5:18DA63C0A02C46A707E21BC344C23D30
                                                                                                                                                                          SHA1:E840BC9423CDCD3E7D38A8E569E5D10CECDD0E83
                                                                                                                                                                          SHA-256:57B2ADAD8E860A8F24C8F3888926AF0C3A04C2CC21CE1C13F9AFD8E363B6B5C2
                                                                                                                                                                          SHA-512:07218829A787C943D55D49B0E8534FBCEB2F590E35AAFBA4BB43052BE4717C7067ED83CAA04B329E33C6F1AE897D2FE72AC178331074836561B2A471A66B14AC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (62058), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):234686
                                                                                                                                                                          Entropy (8bit):5.768283217926616
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:r7c/ckbS2b/pVQAWjhw3d3qWnQHdRJg7hJ5BjHnatGJNyWVzskPNjlqAGu/gzxKb:fvkbPug9MmyWsard/KJb1rNA
                                                                                                                                                                          MD5:6AAE93A7CCE3FE8BC016C5F4831472DC
                                                                                                                                                                          SHA1:5FC3CE2919A27837CD1848084413E965D658A645
                                                                                                                                                                          SHA-256:B650CAE4BA73157B7C226CBF03D86804774B35563BA24B79AF644BD45F749FBD
                                                                                                                                                                          SHA-512:ADD7B13ABE7B2AA799263217AAD8806C607B3D384E151C69E47F81585D15C637FC16C4679A258393AF6FF89E26325AB61F5FE06278A5A7CC1996BB74EF412042
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (65448)
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):94620
                                                                                                                                                                          Entropy (8bit):5.4076498069548435
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:wYqLAnwLD2AFtbo2k3DG5wsxWkNcdJ/r3LLnt9+tISGtOMHiYnEvlwXLnt+79VlU:w7L37ivM1WkNWnt4KClwXLwsoxsE+
                                                                                                                                                                          MD5:095130BBC3EEC571FCE0F8B59513E250
                                                                                                                                                                          SHA1:391DFF8E9455FA291AF53500A60BC955B4E586A8
                                                                                                                                                                          SHA-256:F834D3999811C38EACD96A27AFC0B913B38E84BB68D14D3F6DDF815C7D1ECB3D
                                                                                                                                                                          SHA-512:35101C2CD26FFF76719977B4A99D769A0713B23BF874E43649F4EB6699E0A01BA74435A870C7C02B56DA1C928417B66EEE019B9B1ED3752F06C95CA8770D3E1F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):13336
                                                                                                                                                                          Entropy (8bit):7.955090961654166
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:SkvJJGQPZQsZ2MHpeOehqhMEo3u7Mrzj/1EG16zGGinN3sXNc:SkvJJGQPZQsAQeOa3N+7ejWG1iGGinaa
                                                                                                                                                                          MD5:17B9AB420F0D28CA3AE8892D7AE19361
                                                                                                                                                                          SHA1:97168CF5E3750C36A245BF22C6139E5ACCB07C23
                                                                                                                                                                          SHA-256:EA8676D3AC1B0CF762DD2227E04126DF79D6B47D32A22FA5CD05CE7406A7AE16
                                                                                                                                                                          SHA-512:8E8B403F2D708139B765CC818586220F735BB94DD8A79864A2707A586193198798D954B1BD9AD9D746A577C5EEA992A28DD0928D7928A03281ADADB9AFC9D1E3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7875
                                                                                                                                                                          Entropy (8bit):7.928520544129559
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:SKQ6jDxk3YHsSlaIuMHM53t2lObbTsVa4p+:SKQ6HxrMSlxVHq3IYbfsEl
                                                                                                                                                                          MD5:C3C6DC505756BD3C45E2005C050F035F
                                                                                                                                                                          SHA1:E46F5D02036E16427B832FD8E202EE292263BEB5
                                                                                                                                                                          SHA-256:CF043FB2A11AB855A53BEB4E298513894EF4B32A2779E5FCB4431159A884CD26
                                                                                                                                                                          SHA-512:C5418C6CBA76BFF5D86130764DE2227CB5F692BA56DEEB7FF1F79FDD32109E9147A697449AC6E1A95AC2AA1E904386B82EE35250EB172ECD13D179148BF2D92E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 620x304, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):79752
                                                                                                                                                                          Entropy (8bit):7.964623283022707
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:RT/v28wSXB7nr0bBPmMqTSSPf30XF5aSX9hs+AQJDC+f33xdGv54FQ:dn2/Wp++Metf3wDaSX92+x5C+fnxW
                                                                                                                                                                          MD5:576DB5E121F8CAF13ADED21EBAC9990D
                                                                                                                                                                          SHA1:D88E7683B042884462FB6E70D38BA6C11A439CD4
                                                                                                                                                                          SHA-256:51865C1F65377B6534710F62542E758EF011BD505D5FEA627B809BFA4C138019
                                                                                                                                                                          SHA-512:4E263E8D240EF80A6A37AE077A05D6F261EF87471776C32893FCCD3C64559CE2B8D3D9EE83A66EA83C8D060D7FA6065D932720E67B4BA9F08E471C8E7BC2D605
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):14395
                                                                                                                                                                          Entropy (8bit):7.953190974382825
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:ShKR5rnMxc0NtxtxQpBlXOjAMY0Ui4vcHmtAP+:SAPrncc0NtipBRAPuUHmtAP+
                                                                                                                                                                          MD5:FB05B0CAB7E2213A250EFD596F2C82C2
                                                                                                                                                                          SHA1:AE9CC4BAE4F131E4D31389C920E5508B5D3BB02C
                                                                                                                                                                          SHA-256:59A223D3A3D3B568381C6C39181DFC4FE9EDE081537C12E9F2536EE735A8301F
                                                                                                                                                                          SHA-512:6318BEC65AB925262BF6C03781F37787F0EF4D0F94FBEAD4BE33B12688AB4585A2F304C76D0D700AC5E8C3DB0DC11200390134988E707ED5D8CB4D618D25F5EF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):23162
                                                                                                                                                                          Entropy (8bit):7.963141426638586
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:S63hWDz3AF4C6sT69JZD5FuXlCtK8T5fUmPISWPe3vZQWHcMEZ2NPGK4X5XQS9eU:SgaA9O9JZVACtzp1zPH3m2NPk5XB9emd
                                                                                                                                                                          MD5:9750768919AA979EE9563C1E2D811125
                                                                                                                                                                          SHA1:DE41F24BD3C7E463F77F210F3CC136AFB37D93C0
                                                                                                                                                                          SHA-256:6A2BC15A75C5C694104FBBAF657ACC13F8B889C9C016E8C1C463BC1F1DCBAF80
                                                                                                                                                                          SHA-512:BE0C10000C1840E5DF34E1AFB1ED23E94E8B075ACD4A49BB8B6E3B3254BCB6F8354703CA4EAD7A6CC15CACB91491635D9C943F0F5B36AA8CFD1FCDCD26637C3B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):12762
                                                                                                                                                                          Entropy (8bit):7.940949493742292
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:SUbq/cG1CNumI204lz4T9cVLPp+idKWMkqph8:SBr+umIylMEjKWM/U
                                                                                                                                                                          MD5:41AF368EE72E82E6598AED344A561C7F
                                                                                                                                                                          SHA1:169AA8588675CF37962884CF9DD5E2AB35F6CC69
                                                                                                                                                                          SHA-256:937339DC181050FBCE3A02F88E7949228BA2BECF5F758C62CD1A6572CDF3891E
                                                                                                                                                                          SHA-512:3A8CDDB9A6A06BE02AB6F9176D3547011C78631F25DA8A160099035C8EFD9F01C7C5834B01F06CAC95F09C98CD648FD4B6EDD547A5402FC0C9B5BAC114146CF0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):14581
                                                                                                                                                                          Entropy (8bit):7.954852359207175
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:SFtrHO8im+myne48iN1BTOrvzDELrEp/ixm7I:SFtru8ifkgTAcL+Ns
                                                                                                                                                                          MD5:1E5E1C990126BD327E7B4A719496724C
                                                                                                                                                                          SHA1:F9C57ACC55522AD2138E0827E72C9703DDBB1E81
                                                                                                                                                                          SHA-256:2DACB5EA974926E65AAA8ABD909A7B5CA65A663AB78BF3B6AE261537D43E395E
                                                                                                                                                                          SHA-512:D5E926FDFB84F8AB621A2C8820D867F87726E0B0432A9FC35BE45104E393ED5C6EBAAF0BFD2A0445069E747E364A1D0E5F82D8BDBE3916EF2B7C605131E97428
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):10694
                                                                                                                                                                          Entropy (8bit):7.9549510186364385
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:SlntkWn6xwCC2sgfKanu84VcRCt3tks1x7ulT5GegYSF1CQdvni4djz+svN:Snkt4gVnu8O9ksT7ulT5GegV+Gn971
                                                                                                                                                                          MD5:E2EC51E98FAD40637FBE8F0DF59D6FCA
                                                                                                                                                                          SHA1:A7D1A34989DD989829A54A11033EA995FDAA1AF0
                                                                                                                                                                          SHA-256:2CB073F1703A87F3A447B6D7B010D73C44418D771D39ECF26C985B236D09A8D7
                                                                                                                                                                          SHA-512:D80A3E25DABD5102CCD97FD3326B32F853BCB809F2783297F41B4069F81565F8CCB6520A311496703C4A9B720E01CFEBCFAFB4C8F8CDF59CDD7B75B0A6EC69CF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):24422
                                                                                                                                                                          Entropy (8bit):7.964817480611691
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:SG5PCsrf5kK0ml46GeaUzgWdarZDlaQW6LR+Qdxdf4wwDFTxxenc74FamNHlOGom:SGNCukK0jupg/o6tHdnw/OaaHcz8nn
                                                                                                                                                                          MD5:77C9064069B641C3878E0905C3D8F353
                                                                                                                                                                          SHA1:7476880DF048CFDE5D8397840A3EFF2950C163FA
                                                                                                                                                                          SHA-256:BB09851BFB498E2DCDBC22F35F05FA748ABDE2ACC4B1382DD19520C482702E09
                                                                                                                                                                          SHA-512:86214F0F0169A0A4D99FBD27E99A48618CC3B930D6B4899CF0EEC7F23231CAEE6F5A7BBED44E41099ED5B2A8B27EE36D1433DB735681ECF3A5BD3AE4DAC7C968
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8420
                                                                                                                                                                          Entropy (8bit):7.9401565160437775
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:SE9T3xfLxv57PNTzS3BIfekKcfCQNonSgS9u2VMcvjxaSqZ06QoVkv4zxlyR5WfS:SUBpzSRqKGuuFVMJXjfC4zfGQfHOI0v
                                                                                                                                                                          MD5:B35494709B23B5E60A3FBE6B30C60856
                                                                                                                                                                          SHA1:87F8767E34401F59A0D7268152CEDF3D1AFD6686
                                                                                                                                                                          SHA-256:7EDDD8462CAEC52F5107EFA1F4F3773260DC568DDEBBA2496832AAA4C90F0E89
                                                                                                                                                                          SHA-512:C9DCB646061FCCA65EC52524AB00EC7FE49BE22ADDBBEBCE6E3806706ACEFC876212F3B3B66105AEE27E0BB4D2AB5A188C3FE097F1C1FB8C8BC62112537E4762
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):22917
                                                                                                                                                                          Entropy (8bit):7.96797695518491
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:Sk9QsYsJKRu1zZLOTMNgAKcLIcadlE9kXtanjMMjpvPEPcsYa6Omb:SkOsl1oTMNgAP7adW9tjhjF8PTmb
                                                                                                                                                                          MD5:B77CE347D45BC85FE9FDCB8EA7878002
                                                                                                                                                                          SHA1:B0BA6FDBF4AB402C8923E071946B58CB63BB7271
                                                                                                                                                                          SHA-256:48B0A2368435B7EE8ACEAADAE0BFA0585915D1859340666919A60EFD96618646
                                                                                                                                                                          SHA-512:239012AC5F17B5CB53420B4FAE2DC7D892FFBD503447F4B4F0944FBB57DA9C1FEDA0E4F7C058CB02D52F25FFC9ED5E0FA7458D2DA2907130AAA1DB47FAF03097
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):17048
                                                                                                                                                                          Entropy (8bit):7.957710734445302
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:SFr7/CnRPjafBQOR+BlC2zZb2u219J5ruwyVd2rMOcq0:SFnCRPdOR+BlCYZb2u2Z5ruwy/2A+0
                                                                                                                                                                          MD5:9B368F660F38890F421203BF87F0E546
                                                                                                                                                                          SHA1:D00FF5B202446FA2CFD2572F96C5EF51F540C427
                                                                                                                                                                          SHA-256:C0296EB86419FE4F7EA98F93E6E04CB3EAADAA7435F52960D7F32474222123A2
                                                                                                                                                                          SHA-512:F37748719C6BE52F899DC3C1D396900F68D8625C171433942DA3FEDB1A27AF87962ECA10C517991C8D00D03FF5F5A032EA32F16C6A5592B5A3B6AE54296041BC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):25093
                                                                                                                                                                          Entropy (8bit):7.967687528090966
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:S4bTptWV2Bz1+vC3QY1wsnoX7tfNmyUohgercKN8t6BUSt/6k4q6ObpX2C/m7arq:S4XWVazx3QUwVFSercAJrJr6OFm0rq
                                                                                                                                                                          MD5:5CF66A3639C69EC9EAAC639AA6596D6C
                                                                                                                                                                          SHA1:052FBD99A4DC38DA696AE9B27AC38316511EF791
                                                                                                                                                                          SHA-256:839B2843735C4453EFFDECC9F18A57F49663AE57AB2CFA0CA84ADB1366A529E0
                                                                                                                                                                          SHA-512:8C83669B21645E9D40FB098A1C8602C5F8A923BA4E101E7C9595BF79233347B309E701083792406B771154F694E7F1D5558D04C16ABC396C162F7CAC39624540
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 620x304, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):30515
                                                                                                                                                                          Entropy (8bit):7.953762049534676
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:RJun2vyCp1Mvd6P71y8u6ltJUpNc4fZLD2l183Jtkvk1P0fun+moECLfvEDjbIrs:RJ4g5MF68NIGNc4+HQ4vg3WHojsrjMf
                                                                                                                                                                          MD5:499E689D30BB7F9483DE65B3B13B595F
                                                                                                                                                                          SHA1:3B1F237F0A5BB4B63A2F9B8A2D774A14BDE7D2A7
                                                                                                                                                                          SHA-256:B28899E2FCB5A84085B237DEB182AC741BD7B459ED57C144FEA8743110FA717F
                                                                                                                                                                          SHA-512:77EDC6DDB72911C62BB4BA8FD6C10B1C32F17C8F94BC1BF2B70CD8F35BA6ED9BC5E52782F8DCAA5393EA01A1D72E88098E66613287ECA4BD2FE25FBAEA40552C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):21381
                                                                                                                                                                          Entropy (8bit):7.965883607645141
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:SW36JGLeAyxj+DJI3rZmf8bsHpW5tJt9LcXObL3jGZG5qF73zWcxP68ORGorkI8:S+6J7JjAIi2sJgvt9HfqZG5qF73iKS8V
                                                                                                                                                                          MD5:45DAF417ECFBA4D8316E2F5299B22810
                                                                                                                                                                          SHA1:97BA5D99B938C89C101F8C02557CBD70FA6060F1
                                                                                                                                                                          SHA-256:6093796217C21ACE33FB8A3638B30085F49CF22C7AA3BCE8B20B7EF248E0897D
                                                                                                                                                                          SHA-512:2E3F310B0174D4BC049B94A5738AF55E0DF55523641ED7A93B8AEE88D4150B7D25FF06E5C8CB24B470CFB1243233FBFC03B82B7D8F1A0F7EB77CF3C200BECF07
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (44421), with NEL line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):196564
                                                                                                                                                                          Entropy (8bit):5.416918453049597
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3072:5yggyMjcPJF7iol0cQtK7bKXZ7x7/3DwLqsop:5yggUJN3CE7cZ7MnQ
                                                                                                                                                                          MD5:87B6340D5C378650AB6B6DBFC2FCC200
                                                                                                                                                                          SHA1:42625DD447DD664F0078D831A020BED9A71A92A1
                                                                                                                                                                          SHA-256:27F89E7501CE8BF61E542F918284E6DDA03C31ADE11BD4B2174AE34D50EAABB3
                                                                                                                                                                          SHA-512:1BE5C0AD1109FF789A1D1A7D1145C1421E756A26D7350F512C0434DFF1422477EA36DA6BE886556CAD37B75ACA5942A10E6E71761A87263151419451487E5EE6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):49120
                                                                                                                                                                          Entropy (8bit):0.0017331682157558962
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:Ztt:T
                                                                                                                                                                          MD5:0392ADA071EB68355BED625D8F9695F3
                                                                                                                                                                          SHA1:777253141235B6C6AC92E17E297A1482E82252CC
                                                                                                                                                                          SHA-256:B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
                                                                                                                                                                          SHA-512:EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:Google Chrome extension, version 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):98960
                                                                                                                                                                          Entropy (8bit):7.702941019514499
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:EMgLUGcY3s6U4W3NrUeNWy4cSbJUQyuW+8hXuzoLdN4pu1FIc1/x/iDhoA9lo:bEUGEKer/W0KJIudO6Mn4pu1dpKtoX
                                                                                                                                                                          MD5:FC21C3084ECE86A867515F4112126D22
                                                                                                                                                                          SHA1:7AD412386EEDA21136AB332EDCED98AF075CCCD2
                                                                                                                                                                          SHA-256:378723490592C0627AC18A287F9A9CB74970C3C6E10A177C322282BFC1D01E01
                                                                                                                                                                          SHA-512:37777D2F86D5586B5DB02FE8DF853814FF0B1FCF0141ADB8CF0A42CE3C15C5DA8F65DE89E2DEB8C13040302F95C6B0FF523A4288C5D38FF7977212AA011B1309
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:L:L
                                                                                                                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:Google Chrome extension, version 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):11185
                                                                                                                                                                          Entropy (8bit):7.951995436832936
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                          MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                          SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                          SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                          SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):124775448
                                                                                                                                                                          Entropy (8bit):7.999996586829686
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:3145728:G7pzQwa6D75W9AobFmNOlpCbLcRLq4vtpN8/RKA/gSBa5:GdzjD7s9FlgsRL9Vo/u5
                                                                                                                                                                          MD5:40976C35E6CA27871F134A8A2FCAFC21
                                                                                                                                                                          SHA1:FAA553B01EE47E9079F24A930BCE454BC2D48B37
                                                                                                                                                                          SHA-256:F5E6C9BA8FB7867D041BC5D7591B50714688FBD31E6716A4D631D549ECEEB03C
                                                                                                                                                                          SHA-512:4B178177039B894A92E712BFBE7358BB84F2830E8E042B77B3C1864A449F48FAADE7F5F016BC9C03B946BB47AF8389A3DE62C8CC283B9A948021E04338BEBDD6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:L:L
                                                                                                                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):353
                                                                                                                                                                          Entropy (8bit):5.365205015411589
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:YEZjcROEW/56s/uZj4lL2JQJjDrwv/uZjXAaC56s/C:YOjXE056s/4j4RK0Dkv/4jXy56s/C
                                                                                                                                                                          MD5:05EFB9AC9D65D578742CB7CE8761DDA4
                                                                                                                                                                          SHA1:BBB5EE7FE7C17D95F7C04B7C0CCAA94CFFA0F9EF
                                                                                                                                                                          SHA-256:91785C09E4641D0BD62FD968A21DD47F75F915C58EF86760198357567CCC3FB8
                                                                                                                                                                          SHA-512:1747ED65B56BA8FAD041DC8D58F68667511BBBA34352E0D008A3E65AEEA326192B8A24F38A137F8F67FB488FE59549621FC59DC215A2E753C4685FEB21DC8965
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"logTime": "0318/091434", "correlationVector":"FPDxMAu6yg34kDwY4as0u9","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "0318/091434", "correlationVector":"376D2DA2656E45DD9CFDF4221BA26249","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "0318/091434", "correlationVector":"8wdbDeY82OMJvax+XDJoHT","action":"EXTENSION_UPDATER", "result":""}.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 118802
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):242356
                                                                                                                                                                          Entropy (8bit):7.991210403664034
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:6144:iRhzb6d0X7ayN8De2ei//LiBCNBs4vIVeJvx:iRFW0X2y0e2edcbveCp
                                                                                                                                                                          MD5:D01AD4937EEB60A02BB525C82C8276BA
                                                                                                                                                                          SHA1:1B3EB2D065E83849A22E751C40B2AA220C26C339
                                                                                                                                                                          SHA-256:C59193D5128C21AED2F5311517F6C4DD0B4C1D14CB9B6E1F01F53DE57775F70C
                                                                                                                                                                          SHA-512:DE981CDF56BC22D02DF548539EC3A411472B9D23DA960C466C6423A09F0559803088694B190DD0B4AE6432803A892F01ABFD438F68ED2E73AB5AC37314016574
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:Google Chrome extension, version 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):11185
                                                                                                                                                                          Entropy (8bit):7.951995436832936
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                          MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                          SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                          SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                          SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1753
                                                                                                                                                                          Entropy (8bit):5.8889033066924155
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                          MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                          SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                          SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                          SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):9815
                                                                                                                                                                          Entropy (8bit):6.1716321262973315
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                          MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                          SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                          SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                          SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):10388
                                                                                                                                                                          Entropy (8bit):6.174387413738973
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                          MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                          SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                          SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                          SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):962
                                                                                                                                                                          Entropy (8bit):5.698567446030411
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                          MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                          SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                          SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                          SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:Google Chrome extension, version 3
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):98960
                                                                                                                                                                          Entropy (8bit):7.702941019514499
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:EMgLUGcY3s6U4W3NrUeNWy4cSbJUQyuW+8hXuzoLdN4pu1FIc1/x/iDhoA9lo:bEUGEKer/W0KJIudO6Mn4pu1dpKtoX
                                                                                                                                                                          MD5:FC21C3084ECE86A867515F4112126D22
                                                                                                                                                                          SHA1:7AD412386EEDA21136AB332EDCED98AF075CCCD2
                                                                                                                                                                          SHA-256:378723490592C0627AC18A287F9A9CB74970C3C6E10A177C322282BFC1D01E01
                                                                                                                                                                          SHA-512:37777D2F86D5586B5DB02FE8DF853814FF0B1FCF0141ADB8CF0A42CE3C15C5DA8F65DE89E2DEB8C13040302F95C6B0FF523A4288C5D38FF7977212AA011B1309
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4982
                                                                                                                                                                          Entropy (8bit):7.929761711048726
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                          MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                          SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                          SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                          SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):908
                                                                                                                                                                          Entropy (8bit):4.512512697156616
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                          MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                          SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                          SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                          SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1285
                                                                                                                                                                          Entropy (8bit):4.702209356847184
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                          MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                          SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                          SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                          SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1244
                                                                                                                                                                          Entropy (8bit):4.5533961615623735
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                          MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                          SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                          SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                          SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):977
                                                                                                                                                                          Entropy (8bit):4.867640976960053
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                          MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                          SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                          SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                          SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3107
                                                                                                                                                                          Entropy (8bit):3.535189746470889
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                          MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                          SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                          SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                          SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1389
                                                                                                                                                                          Entropy (8bit):4.561317517930672
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                          MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                          SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                          SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                          SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1763
                                                                                                                                                                          Entropy (8bit):4.25392954144533
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                                                                                                          MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                                                                                                          SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                                                                                                          SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                                                                                                          SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):930
                                                                                                                                                                          Entropy (8bit):4.569672473374877
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                                                                                                          MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                                                                                                          SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                                                                                                          SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                                                                                                          SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):913
                                                                                                                                                                          Entropy (8bit):4.947221919047
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                                                                                                          MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                                                                                                          SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                                                                                                          SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                                                                                                          SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):806
                                                                                                                                                                          Entropy (8bit):4.815663786215102
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):883
                                                                                                                                                                          Entropy (8bit):4.5096240460083905
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1031
                                                                                                                                                                          Entropy (8bit):4.621865814402898
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1613
                                                                                                                                                                          Entropy (8bit):4.618182455684241
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):851
                                                                                                                                                                          Entropy (8bit):4.4858053753176526
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):848
                                                                                                                                                                          Entropy (8bit):4.494568170878587
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1425
                                                                                                                                                                          Entropy (8bit):4.461560329690825
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):961
                                                                                                                                                                          Entropy (8bit):4.537633413451255
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):959
                                                                                                                                                                          Entropy (8bit):4.570019855018913
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                          MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                          SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                          SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                          SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):968
                                                                                                                                                                          Entropy (8bit):4.633956349931516
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                                                                          MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                                                                          SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                                                                          SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                                                                          SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):838
                                                                                                                                                                          Entropy (8bit):4.4975520913636595
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                                                                          MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                                                                          SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                                                                          SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                                                                          SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1305
                                                                                                                                                                          Entropy (8bit):4.673517697192589
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                          MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                          SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                          SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                          SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):911
                                                                                                                                                                          Entropy (8bit):4.6294343834070935
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                                                                          MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                                                                          SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                                                                          SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                                                                          SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):939
                                                                                                                                                                          Entropy (8bit):4.451724169062555
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                                                                          MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                                                                          SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                                                                          SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                                                                          SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):977
                                                                                                                                                                          Entropy (8bit):4.622066056638277
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                                          MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                                          SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                                          SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                                          SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):972
                                                                                                                                                                          Entropy (8bit):4.621319511196614
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                                          MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                                          SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                                          SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                                          SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):990
                                                                                                                                                                          Entropy (8bit):4.497202347098541
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                                                                          MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                                                                          SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                                                                          SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                                                                          SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1658
                                                                                                                                                                          Entropy (8bit):4.294833932445159
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                                                                                                          MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                                                                                                          SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                                                                                                          SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                                                                                                          SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1672
                                                                                                                                                                          Entropy (8bit):4.314484457325167
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                                                                          MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                                                                          SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                                                                          SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                                                                          SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):935
                                                                                                                                                                          Entropy (8bit):4.6369398601609735
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                                          MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                                          SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                                          SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                                          SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1065
                                                                                                                                                                          Entropy (8bit):4.816501737523951
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                                          MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                                          SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                                          SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                                          SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2771
                                                                                                                                                                          Entropy (8bit):3.7629875118570055
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                          MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                          SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                          SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                          SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):858
                                                                                                                                                                          Entropy (8bit):4.474411340525479
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                          MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                          SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                          SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                          SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):954
                                                                                                                                                                          Entropy (8bit):4.631887382471946
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
                                                                                                                                                                          MD5:1F565FB1C549B18AF8BBFED8DECD5D94
                                                                                                                                                                          SHA1:B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
                                                                                                                                                                          SHA-256:E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
                                                                                                                                                                          SHA-512:A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):899
                                                                                                                                                                          Entropy (8bit):4.474743599345443
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                          MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                          SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                          SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                          SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2230
                                                                                                                                                                          Entropy (8bit):3.8239097369647634
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                          MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                          SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                          SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                          SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1160
                                                                                                                                                                          Entropy (8bit):5.292894989863142
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                          MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                          SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                          SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                          SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3264
                                                                                                                                                                          Entropy (8bit):3.586016059431306
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                          MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                          SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                          SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                          SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3235
                                                                                                                                                                          Entropy (8bit):3.6081439490236464
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                          MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                          SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                          SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                          SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3122
                                                                                                                                                                          Entropy (8bit):3.891443295908904
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                          MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                          SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                          SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                          SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1880
                                                                                                                                                                          Entropy (8bit):4.295185867329351
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
                                                                                                                                                                          MD5:8E16966E815C3C274EEB8492B1EA6648
                                                                                                                                                                          SHA1:7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
                                                                                                                                                                          SHA-256:418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
                                                                                                                                                                          SHA-512:85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1042
                                                                                                                                                                          Entropy (8bit):5.3945675025513955
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                                          MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                                          SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                                          SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                                          SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2535
                                                                                                                                                                          Entropy (8bit):3.8479764584971368
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                                          MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                                          SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                                          SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                                          SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1028
                                                                                                                                                                          Entropy (8bit):4.797571191712988
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                                          MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                                          SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                                          SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                                          SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):994
                                                                                                                                                                          Entropy (8bit):4.700308832360794
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                                                                                                          MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                                                                                                          SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                                                                                                          SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                                                                                                          SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2091
                                                                                                                                                                          Entropy (8bit):4.358252286391144
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                                          MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                                          SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                                          SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                                          SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2778
                                                                                                                                                                          Entropy (8bit):3.595196082412897
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                          MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                          SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                          SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                          SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1719
                                                                                                                                                                          Entropy (8bit):4.287702203591075
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                          MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                          SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                          SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                          SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):936
                                                                                                                                                                          Entropy (8bit):4.457879437756106
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                          MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                          SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                          SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                          SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3830
                                                                                                                                                                          Entropy (8bit):3.5483353063347587
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                          MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                          SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                          SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                          SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1898
                                                                                                                                                                          Entropy (8bit):4.187050294267571
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                          MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                          SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                          SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                          SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):914
                                                                                                                                                                          Entropy (8bit):4.513485418448461
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                          MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                          SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                          SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                          SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):878
                                                                                                                                                                          Entropy (8bit):4.4541485835627475
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                          MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                          SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                          SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                          SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2766
                                                                                                                                                                          Entropy (8bit):3.839730779948262
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                          MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                          SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                          SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                          SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):978
                                                                                                                                                                          Entropy (8bit):4.879137540019932
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):907
                                                                                                                                                                          Entropy (8bit):4.599411354657937
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):914
                                                                                                                                                                          Entropy (8bit):4.604761241355716
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):937
                                                                                                                                                                          Entropy (8bit):4.686555713975264
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1337
                                                                                                                                                                          Entropy (8bit):4.69531415794894
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2846
                                                                                                                                                                          Entropy (8bit):3.7416822879702547
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):934
                                                                                                                                                                          Entropy (8bit):4.882122893545996
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):963
                                                                                                                                                                          Entropy (8bit):4.6041913416245
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1320
                                                                                                                                                                          Entropy (8bit):4.569671329405572
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):884
                                                                                                                                                                          Entropy (8bit):4.627108704340797
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):980
                                                                                                                                                                          Entropy (8bit):4.50673686618174
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1941
                                                                                                                                                                          Entropy (8bit):4.132139619026436
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1969
                                                                                                                                                                          Entropy (8bit):4.327258153043599
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1674
                                                                                                                                                                          Entropy (8bit):4.343724179386811
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1063
                                                                                                                                                                          Entropy (8bit):4.853399816115876
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1333
                                                                                                                                                                          Entropy (8bit):4.686760246306605
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1263
                                                                                                                                                                          Entropy (8bit):4.861856182762435
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1074
                                                                                                                                                                          Entropy (8bit):5.062722522759407
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):879
                                                                                                                                                                          Entropy (8bit):5.7905809868505544
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                          MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                          SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                          SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                          SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1205
                                                                                                                                                                          Entropy (8bit):4.50367724745418
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                          MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                          SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                          SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                          SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):843
                                                                                                                                                                          Entropy (8bit):5.76581227215314
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                          MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                          SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                          SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                          SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):912
                                                                                                                                                                          Entropy (8bit):4.65963951143349
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                          MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                          SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                          SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                          SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):18518
                                                                                                                                                                          Entropy (8bit):5.708460608391745
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:cLjrY6QDAwrlbs3jiD1DisLSFqwAqmq90QH:2jrSHbMjidLSFxA+0QH
                                                                                                                                                                          MD5:F1346F53663087A18F734B324E159F65
                                                                                                                                                                          SHA1:A1A79C373D154E6630DE9D46FD8902C0F6ACB860
                                                                                                                                                                          SHA-256:8A65785DEEBA93A107A2FE5060305873A40379CD8B2B848607DDE45ED9130E03
                                                                                                                                                                          SHA-512:FB6B92BEA01BF399D981260966A419AE328CAE7331970FED90DC9D158403B75F07ED1A7740771B56411E3730C946F831E2B1788B5A22E3139F17670FC9C7E48F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):854
                                                                                                                                                                          Entropy (8bit):4.284628987131403
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                          MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                          SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                          SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                          SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text, with very long lines (3422)
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):82340
                                                                                                                                                                          Entropy (8bit):5.380000995741104
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:1HejtmLJVlfF5z4d+3CNOzcheJm39n3p1jWctudKRwbbwuL:tVIfczcMmhDBt+L
                                                                                                                                                                          MD5:4902A531B4D907B2B81AF35251CADF2C
                                                                                                                                                                          SHA1:7875EE813923CB16B0F0C4DE3C49C08C85CE52A1
                                                                                                                                                                          SHA-256:C3CE23C47225A594425A1290E49CED80FF9F3360D787767B6C45C80314FCF666
                                                                                                                                                                          SHA-512:A7B8E713F33B1155D8D45B8B635B318262EA21F3D0856FA0409ED6636F84CB9E38B78FB0E0296C3A253953FBFBF11FD68AF6C5EDB00A17A90A9129161CCDC7EE
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:'use strict';function m(){return function(){}}var p;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=ca(this);function t(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}}.t("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,g){this.g=f;ba(this,"description",{configurable:!
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2397
                                                                                                                                                                          Entropy (8bit):5.423775942969832
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:1HEZ4qW4VlELb/KxktGu7VwELb/s2QDkUpvdlmF1exy/Otj19SVvs:W7WsaLTKQGuxTLT2Rv3mves/OP9SVk
                                                                                                                                                                          MD5:C2CFE399D41AD342B3ECDE0211F98725
                                                                                                                                                                          SHA1:345AB6BA0CB69246F480AE4273F68869AC8011DA
                                                                                                                                                                          SHA-256:DB3991C5788FC6968DF25180898EF42AD974192DFE0AED4E12969219A1EB8565
                                                                                                                                                                          SHA-512:CEE1AB92EED7169C33BBDA701FA56EF850705B3F2AE802E772ABF870837022671F06EBA69DED628AF868DB827871CCBF3F551FCEF201041EEABF89ADAA546FB7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "persistent": false,.. "scripts": [ "eventpage_bin_prod.js" ].. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": "script-src 'self'; object-src 'self'",.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "matches": [ "htt
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):291
                                                                                                                                                                          Entropy (8bit):4.644891151983713
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK6M23:2Q8KVqb2u/Rt3OnjI
                                                                                                                                                                          MD5:EE9839F99DED6F38DC561DB846B51E80
                                                                                                                                                                          SHA1:DD2128A473C2FF47471400C81EFF416285DE606E
                                                                                                                                                                          SHA-256:06E08E421EB7F0FE7959D68E27D40A9146A54503090D95CFAC6F2FFD72A78769
                                                                                                                                                                          SHA-512:C8D77607F00CB8012CD056CE61CB77918EC43621270511303E09577F89CC57D4954E22E2C8C3FB1029AAE29F8142DAAE2E938CD5590AD0E5DE6DB1208AFEF874
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=2;}).call(this);.
                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):124775448
                                                                                                                                                                          Entropy (8bit):7.999996586829686
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:3145728:G7pzQwa6D75W9AobFmNOlpCbLcRLq4vtpN8/RKA/gSBa5:GdzjD7s9FlgsRL9Vo/u5
                                                                                                                                                                          MD5:40976C35E6CA27871F134A8A2FCAFC21
                                                                                                                                                                          SHA1:FAA553B01EE47E9079F24A930BCE454BC2D48B37
                                                                                                                                                                          SHA-256:F5E6C9BA8FB7867D041BC5D7591B50714688FBD31E6716A4D631D549ECEEB03C
                                                                                                                                                                          SHA-512:4B178177039B894A92E712BFBE7358BB84F2830E8E042B77B3C1864A449F48FAADE7F5F016BC9C03B946BB47AF8389A3DE62C8CC283B9A948021E04338BEBDD6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                          Entropy (8bit):0.2364979660455589
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:3NvM7yGpSU3NvM7y8Dy+DygoDyKqDlsN2cgJ8H1C:9vqyVKvqy6yEyvy5DlsN5Ac
                                                                                                                                                                          MD5:7DA63F3349ADCE46708E4C0690063EC5
                                                                                                                                                                          SHA1:3A4B1BC2A9F48A8E4227E461B85B46F14CA69D3D
                                                                                                                                                                          SHA-256:C40819535B4185A8DB93B768A6B27657C5234D9789992D278CC01A4B3E353775
                                                                                                                                                                          SHA-512:20C16F35AFA9B663C268224BE0AC6CFCAD7F5EDD2F3903E50BA5803ECC421BF54ED974001D3F056CA8E830832C874BA53AD30B111000ECBA361B9DF18BE2265F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                          Entropy (8bit):0.5816495860074986
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:9vqyVKvqy6yEyvy5DlsNUAcSxLNkxIxLunwxtxIxiumKJ1YkJ2V:9SgKS9LYu099xLmWxLunwxtWxlmKDZY
                                                                                                                                                                          MD5:06A87BE0BACFA50C75DCAB462EE970AC
                                                                                                                                                                          SHA1:BA41EFACD43FC4B4832132950E99A2619A63AAB5
                                                                                                                                                                          SHA-256:7BF3B20C9428B2BDC5C9D898C98F11DB060C7B74D23650BC41F24662E64A2A40
                                                                                                                                                                          SHA-512:2DEE3A6E25519F43C4CC0F678D4A51D0CC32242917A998609EE380F81CB27A50041965B72E5F95D03D452082F91C86620453293B6F4236A6904DF933B1AD9B0E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                          Entropy (8bit):0.2364979660455589
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:3NvM7yGpSU3NvM7y8Dy+DygoDyKqDlsN16gJ8H1C:9vqyVKvqy6yEyvy5DlsNUAc
                                                                                                                                                                          MD5:766DC8C2D2B704377A5D7A7CF489F4B1
                                                                                                                                                                          SHA1:DD1B20EA878BAC7D8AEB1A77C3EEE35429A069BE
                                                                                                                                                                          SHA-256:56669F04C60CBD07A2EE32D7B66236E4DE354EE94A1C34BAF25B6B3ED203E159
                                                                                                                                                                          SHA-512:59EAE579720FCD522F65D796101FD2B16EE20DD5D9812386436345BFE009961C3A6785F994E85AAFAEDC9F198E58BC671D367377550604CD99CF76EB88211E94
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                          Entropy (8bit):0.2364979660455589
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:3NvM7yGpSU3NvM7y8Dy+DygoDyKqDlsN16gJ8H1C:9vqyVKvqy6yEyvy5DlsNUAc
                                                                                                                                                                          MD5:766DC8C2D2B704377A5D7A7CF489F4B1
                                                                                                                                                                          SHA1:DD1B20EA878BAC7D8AEB1A77C3EEE35429A069BE
                                                                                                                                                                          SHA-256:56669F04C60CBD07A2EE32D7B66236E4DE354EE94A1C34BAF25B6B3ED203E159
                                                                                                                                                                          SHA-512:59EAE579720FCD522F65D796101FD2B16EE20DD5D9812386436345BFE009961C3A6785F994E85AAFAEDC9F198E58BC671D367377550604CD99CF76EB88211E94
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                          Entropy (8bit):0.19654419003027548
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:bIwU3yR7lOOl0flwOnqbuXT7nl++Enk/kPnl1En7:HRoP7jZ7k6
                                                                                                                                                                          MD5:326E96EE4B8B4224CAE05159964B60D5
                                                                                                                                                                          SHA1:A067414766F3AAF73B6EAB48945CD845EF8D01F0
                                                                                                                                                                          SHA-256:FCEEA8F59E42CE9F29E77C7EBD82FDB3F24729DABA1D3DD8AB55B34B71E92C0C
                                                                                                                                                                          SHA-512:512AD8BB38A8526748FF61AE3B1C70F5F97FDE4885C1913953B8FE47D31624D61552769000E5F2E36D064D6B860DDEA89AAAF080CE4590037F032C07324791D5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                          Entropy (8bit):0.2364979660455589
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:3NvM7yGpSU3NvM7y8Dy+DygoDyKqDlsN16gJ8H1C:9vqyVKvqy6yEyvy5DlsNUAc
                                                                                                                                                                          MD5:766DC8C2D2B704377A5D7A7CF489F4B1
                                                                                                                                                                          SHA1:DD1B20EA878BAC7D8AEB1A77C3EEE35429A069BE
                                                                                                                                                                          SHA-256:56669F04C60CBD07A2EE32D7B66236E4DE354EE94A1C34BAF25B6B3ED203E159
                                                                                                                                                                          SHA-512:59EAE579720FCD522F65D796101FD2B16EE20DD5D9812386436345BFE009961C3A6785F994E85AAFAEDC9F198E58BC671D367377550604CD99CF76EB88211E94
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                          Entropy (8bit):0.2364979660455589
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:3NvM7yGpSU3NvM7y8Dy+DygoDyKqDlsN16gJ8H1C:9vqyVKvqy6yEyvy5DlsNUAc
                                                                                                                                                                          MD5:766DC8C2D2B704377A5D7A7CF489F4B1
                                                                                                                                                                          SHA1:DD1B20EA878BAC7D8AEB1A77C3EEE35429A069BE
                                                                                                                                                                          SHA-256:56669F04C60CBD07A2EE32D7B66236E4DE354EE94A1C34BAF25B6B3ED203E159
                                                                                                                                                                          SHA-512:59EAE579720FCD522F65D796101FD2B16EE20DD5D9812386436345BFE009961C3A6785F994E85AAFAEDC9F198E58BC671D367377550604CD99CF76EB88211E94
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55
                                                                                                                                                                          Entropy (8bit):4.306461250274409
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                          MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                          SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                          SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                          SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                          Process:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (4404), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4407
                                                                                                                                                                          Entropy (8bit):6.01624901027111
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:7wcN5LCsQ3+qLjHt1bMCmC8YMcwAqi+FY2pZqiUkWIk0AwWAJGOE1:J6+qXHt1QCmUMcwTiWY2hUkyrwWAc
                                                                                                                                                                          MD5:DA89A2F9314528D7D6A27CC4DF5965E4
                                                                                                                                                                          SHA1:3242EE1187E7ECF79ABC052ED6725FC070E6423C
                                                                                                                                                                          SHA-256:CFF0E6414634580AF01999F04356F14285CD48BC004D741DE6615B93E20EC4F0
                                                                                                                                                                          SHA-512:B6584795A15D3EF45BC1EDC0DE4E59633A7FF6C26CB481D580FC1C023CF9474BE8B1CFACD553CE26106AC868A5E058204C8AB979999AE52EF6E5317479F5DEA1
                                                                                                                                                                          Malicious:false
Preview:.{"variations_compressed_seed":"
                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Entropy (8bit):7.913845028849878
                                                                                                                                                                          TrID:
                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                          File name:BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          File size:1'446'992 bytes
                                                                                                                                                                          MD5:e3e7498c2436a1570109fbe755af1d40
                                                                                                                                                                          SHA1:d7fb79f465d2c87ef22088327b5bfb73899fdf7e
                                                                                                                                                                          SHA256:498e27ed4e5bb584672992f459c0e51cd1e7345889dff1521ccf577b13ed6313
                                                                                                                                                                          SHA512:4dd6025d4ebd1d4edeec077ee39e8704d2ed04ffd5f7ad83934a2ada8d0e3aefb15841b36ad0454e0c2cd6be12e13b2015de322d27059cb2fea8bb7f4a247096
                                                                                                                                                                          SSDEEP:24576:w2hOU0p4qlWfBTfmRfanIT6lUScOWFohEp6Vvn6qtndPVmatCkbpmp:zhOJpP4JTm5T6lkFohDB6sndPVa6g
                                                                                                                                                                          TLSH:C0652211B2D88031E6B31E3194F496755ABEFC741F30AA8F27849E3A5EB0582F674376
                                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........V........................Z.....................................................................~.............Rich...........
                                                                                                                                                                          Icon Hash:2f232d67b7934633
                                                                                                                                                                          Entrypoint:0x40699b
                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                          Digitally signed:true
                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                          Time Stamp:0x65E80F21 [Wed Mar 6 06:37:21 2024 UTC]
                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                          OS Version Major:5
                                                                                                                                                                          OS Version Minor:1
                                                                                                                                                                          File Version Major:5
                                                                                                                                                                          File Version Minor:1
                                                                                                                                                                          Subsystem Version Major:5
                                                                                                                                                                          Subsystem Version Minor:1
                                                                                                                                                                          Import Hash:c7edaf3f3d9b0b390b0f0473c7a8cf06
                                                                                                                                                                          Signature Valid:true
                                                                                                                                                                          Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                          Signature Validation Error:The operation completed successfully
                                                                                                                                                                          Error Number:0
Not Before:06/06/2023 01:00:00
Not After:08/08/2024 00:59:59
                                                                                                                                                                          Subject Chain
                                                                                                                                                                          • CN="Brave Software, Inc.", O="Brave Software, Inc.", L=San Francisco, S=California, C=US
                                                                                                                                                                          Version:3
                                                                                                                                                                          Thumbprint MD5:16D12EA31FCCA2DB434A4CE2764212FB
                                                                                                                                                                          Thumbprint SHA-1:8903F2BD47465A4F0F080AA7CEEC31A31B74DE42
                                                                                                                                                                          Thumbprint SHA-256:9422AAD6EED2524B47A4E58D835AC34009EA3B76DD25155EFCCBD0CDB6C1EE88
                                                                                                                                                                          Serial:031543E76CA971575EEDF22AA3719DCC
                                                                                                                                                                          Instruction
                                                                                                                                                                          call 00007F4814E710D8h
                                                                                                                                                                          jmp 00007F4814E70CAFh
                                                                                                                                                                          push ebp
                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                          mov eax, dword ptr [ebp+08h]
                                                                                                                                                                          push esi
                                                                                                                                                                          mov ecx, dword ptr [eax+3Ch]
                                                                                                                                                                          add ecx, eax
                                                                                                                                                                          movzx eax, word ptr [ecx+14h]
                                                                                                                                                                          lea edx, dword ptr [ecx+18h]
                                                                                                                                                                          add edx, eax
                                                                                                                                                                          movzx eax, word ptr [ecx+06h]
                                                                                                                                                                          imul esi, eax, 28h
                                                                                                                                                                          add esi, edx
                                                                                                                                                                          cmp edx, esi
                                                                                                                                                                          je 00007F4814E70E4Bh
                                                                                                                                                                          mov ecx, dword ptr [ebp+0Ch]
                                                                                                                                                                          cmp ecx, dword ptr [edx+0Ch]
                                                                                                                                                                          jc 00007F4814E70E3Ch
                                                                                                                                                                          mov eax, dword ptr [edx+08h]
                                                                                                                                                                          add eax, dword ptr [edx+0Ch]
                                                                                                                                                                          cmp ecx, eax
                                                                                                                                                                          jc 00007F4814E70E3Eh
                                                                                                                                                                          add edx, 28h
                                                                                                                                                                          cmp edx, esi
                                                                                                                                                                          jne 00007F4814E70E1Ch
                                                                                                                                                                          xor eax, eax
                                                                                                                                                                          pop esi
                                                                                                                                                                          pop ebp
                                                                                                                                                                          ret
                                                                                                                                                                          mov eax, edx
                                                                                                                                                                          jmp 00007F4814E70E2Bh
                                                                                                                                                                          push esi
                                                                                                                                                                          call 00007F4814E715BCh
                                                                                                                                                                          test eax, eax
                                                                                                                                                                          je 00007F4814E70E52h
                                                                                                                                                                          mov eax, dword ptr fs:[00000018h]
                                                                                                                                                                          mov esi, 0042396Ch
                                                                                                                                                                          mov edx, dword ptr [eax+04h]
                                                                                                                                                                          jmp 00007F4814E70E36h
                                                                                                                                                                          cmp edx, eax
                                                                                                                                                                          je 00007F4814E70E42h
                                                                                                                                                                          xor eax, eax
                                                                                                                                                                          mov ecx, edx
                                                                                                                                                                          lock cmpxchg dword ptr [esi], ecx
                                                                                                                                                                          test eax, eax
                                                                                                                                                                          jne 00007F4814E70E22h
                                                                                                                                                                          xor al, al
                                                                                                                                                                          pop esi
                                                                                                                                                                          ret
                                                                                                                                                                          mov al, 01h
                                                                                                                                                                          pop esi
                                                                                                                                                                          ret
                                                                                                                                                                          push ebp
                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                          cmp dword ptr [ebp+08h], 00000000h
                                                                                                                                                                          jne 00007F4814E70E39h
                                                                                                                                                                          mov byte ptr [00423970h], 00000001h
                                                                                                                                                                          call 00007F4814E713AAh
                                                                                                                                                                          call 00007F4814E7192Eh
                                                                                                                                                                          test al, al
                                                                                                                                                                          jne 00007F4814E70E36h
                                                                                                                                                                          xor al, al
                                                                                                                                                                          pop ebp
                                                                                                                                                                          ret
                                                                                                                                                                          call 00007F4814E74B16h
                                                                                                                                                                          test al, al
                                                                                                                                                                          jne 00007F4814E70E3Ch
                                                                                                                                                                          push 00000000h
                                                                                                                                                                          call 00007F4814E71935h
                                                                                                                                                                          pop ecx
                                                                                                                                                                          jmp 00007F4814E70E1Bh
                                                                                                                                                                          mov al, 01h
                                                                                                                                                                          pop ebp
                                                                                                                                                                          ret
                                                                                                                                                                          push ebp
                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                          cmp byte ptr [00423971h], 00000000h
                                                                                                                                                                          je 00007F4814E70E36h
                                                                                                                                                                          mov al, 01h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x21ae0 | 0x8c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x25000 | 0x13673c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x15a000 | 0x7450 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x15c000 | 0x1508 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x20ce0 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x20e00 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x20d38 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1a000 | 0x1d4 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x18d20 | 0x18e00 | f6f6a8ebc9148ced19baf0cf8ce514c3 | False | 0.5874489635678392 | data | 6.645990561543334 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x1a000 | 0x8542 | 0x8600 | 3ed425119d83d29a9ea792647f00b190 | False | 0.4646688432835821 | data | 5.055308375977805 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x23000 | 0x1454 | 0xa00 | 905c57baa258d4dc27795aa058f06aca | False | 0.175390625 | DOS executable (block device driver \277DN) | 2.379800202702836 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x25000 | 0x13673c | 0x136800 | ea570ee0e9f44be61c8e291d4d28b38d | False | 0.9824376006441223 | data | 7.987680716387453 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x15c000 | 0x1508 | 0x1600 | c68100246f68f2ae3852dabe12991f75 | False | 0.7739701704545454 | data | 6.484253115308844 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
B | 0x25824 | 0x12e1f8 | LZMA compressed data, non-streamed, size 8169603 | | | 1.0003108978271484
BRAVEUPDATE | 0x153a1c | 0x4 | data | | | 3.0
RT_ICON | 0x153a20 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192, 16 important colors | English | United States | 0.6317567567567568
RT_ICON | 0x153b48 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors | English | United States | 0.5823699421965318
RT_ICON | 0x1540b0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640, 16 important colors | English | United States | 0.5120967741935484
RT_ICON | 0x154398 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.5455776173285198
RT_ICON | 0x154c40 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | English | United States | 0.36341463414634145
RT_ICON | 0x1552a8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.42350746268656714
RT_STRING | 0x156150 | 0x13e | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Arabic | Saudi Arabia | 0.6446540880503144
RT_STRING | 0x156290 | 0x1aa | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Bulgarian | Bulgaria | 0.5
RT_STRING | 0x15643c | 0x196 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Catalan | Spain | 0.49507389162561577
RT_STRING | 0x1565d4 | 0xcc | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Chinese | Taiwan | 0.7205882352941176
RT_STRING | 0x1566a0 | 0x18a | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Czech | Czech Republic | 0.5152284263959391
RT_STRING | 0x15682c | 0x15a | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Danish | Denmark | 0.5144508670520231
RT_STRING | 0x156988 | 0x16a | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | German | Germany | 0.5276243093922652
RT_STRING | 0x156af4 | 0x1b0 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Greek | Greece | 0.5462962962962963
RT_STRING | 0x156ca4 | 0x134 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | English | United States | 0.5324675324675324
RT_STRING | 0x156dd8 | 0x188 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Finnish | Finland | 0.5102040816326531
RT_STRING | 0x156f60 | 0x1c0 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | French | France | 0.45535714285714285
RT_STRING | 0x157120 | 0x142 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Hebrew | Israel | 0.5590062111801242
RT_STRING | 0x157264 | 0x164 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Hungarian | Hungary | 0.550561797752809
RT_STRING | 0x1573c8 | 0x150 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Icelandic | Iceland | 0.5208333333333334
RT_STRING | 0x157518 | 0x1b0 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Italian | Italy | 0.45601851851851855
RT_STRING | 0x1576c8 | 0xfe | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Japanese | Japan | 0.7125984251968503
RT_STRING | 0x1577c8 | 0xf2 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Korean | North Korea | 0.7231404958677686
RT_STRING | 0x1577c8 | 0xf2 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Korean | South Korea | 0.7231404958677686
RT_STRING | 0x1578bc | 0x1b0 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Dutch | Netherlands | 0.44907407407407407
RT_STRING | 0x157a6c | 0x180 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Norwegian | Norway | 0.4713541666666667
RT_STRING | 0x157bec | 0x190 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Polish | Poland | 0.52
RT_STRING | 0x157d7c | 0x15e | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Portuguese | Brazil | 0.52
RT_STRING | 0x157edc | 0x1c6 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Romanian | Romania | 0.4713656387665198
RT_STRING | 0x1580a4 | 0x196 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Russian | Russia | 0.5492610837438424
RT_STRING | 0x15823c | 0x19c | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Croatian | Croatia | 0.470873786407767
RT_STRING | 0x1583d8 | 0x180 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Slovak | Slovakia | 0.5260416666666666
RT_STRING | 0x158558 | 0x1a0 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Swedish | Sweden | 0.4639423076923077
RT_STRING | 0x1586f8 | 0x15a | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Thai | Thailand | 0.6011560693641619
RT_STRING | 0x158854 | 0x15a | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Turkish | Turkey | 0.5260115606936416
RT_STRING | 0x1589b0 | 0x12c | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Urdu | Pakistan | 0.6366666666666667
RT_STRING | 0x1589b0 | 0x12c | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Urdu | India | 0.6366666666666667
RT_STRING | 0x158adc | 0x178 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Indonesian | Indonesia | 0.5079787234042553
RT_STRING | 0x158c54 | 0x16e | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Ukrainian | Ukrain | 0.5601092896174863
RT_STRING | 0x158dc4 | 0x1bc | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Slovenian | Slovenia | 0.4617117117117117
RT_STRING | 0x158f80 | 0x14c | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Estonian | Estonia | 0.5271084337349398
RT_STRING | 0x1590cc | 0x1d8 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Latvian | Lativa | 0.4661016949152542
RT_STRING | 0x1592a4 | 0x188 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Lithuanian | Lithuania | 0.48214285714285715
RT_STRING | 0x15942c | 0x138 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Farsi | Iran | 0.5833333333333334
RT_STRING | 0x15942c | 0x138 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Farsi | Afganistan | 0.5833333333333334
RT_STRING | 0x15942c | 0x138 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Farsi | Tajikistan | 0.5833333333333334
RT_STRING | 0x15942c | 0x138 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Farsi | Uzbekistan | 0.5833333333333334
RT_STRING | 0x159564 | 0x158 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Vietnamese | Vietnam | 0.5406976744186046
RT_STRING | 0x1596bc | 0x13c | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Hindi | India | 0.6139240506329114
RT_STRING | 0x1597f8 | 0x15c | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Malay | Malaysia | 0.5086206896551724
RT_STRING | 0x159954 | 0x172 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Swahili | Kenya | 0.4972972972972973
RT_STRING | 0x159954 | 0x172 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Swahili | Mozambiq | 0.4972972972972973
RT_STRING | 0x159ac8 | 0x136 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Bengali | India | 0.6387096774193548
RT_STRING | 0x159c00 | 0x152 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Gujarati | India | 0.621301775147929
RT_STRING | 0x159d54 | 0x14e | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Tamil | India | 0.6017964071856288
RT_STRING | 0x159d54 | 0x14e | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Tamil | Sri Lanka | 0.6017964071856288
RT_STRING | 0x159ea4 | 0x154 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Telugu | India | 0.6176470588235294
RT_STRING | 0x159ff8 | 0x156 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Kannada | Kanada | 0.6403508771929824
RT_STRING | 0x15a150 | 0x19a | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Malayalam | India | 0.5292682926829269
RT_STRING | 0x15a2ec | 0x178 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Marathi | India | 0.601063829787234
RT_STRING | 0x15a464 | 0xf0 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Amharic | Ethiopia | 0.7541666666666667
RT_STRING | 0x15a554 | 0x17c | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Filipino | Philippines | 0.49473684210526314
RT_STRING | 0x15a6d0 | 0xce | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Chinese | China | 0.7233009708737864
RT_STRING | 0x15a7a0 | 0x134 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | English | Great Britain | 0.5324675324675324
RT_STRING | 0x15a8d4 | 0x152 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Spanish | Mexico | 0.5118343195266272
RT_STRING | 0x15aa28 | 0x188 | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Portuguese | Portugal | 0.4872448979591837
RT_STRING | 0x15abb0 | 0x1aa | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | | | 0.48826291079812206
RT_STRING | 0x15ad5c | 0x1be | Matlab v4 mat-file (little endian) m, numeric, rows 0, columns 0 | Serbian | Cyrillic | 0.5
RT_GROUP_ICON | 0x15af1c | 0x5a | data | English | United States | 0.7333333333333333
RT_VERSION | 0x15af78 | 0x334 | data | English | United States | 0.4292682926829268
RT_MANIFEST | 0x15b2ac | 0x48e | XML 1.0 document, ASCII text | | | 0.43310463121783876
DLL | Import
KERNEL32.dll | InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, GetCurrentProcess, TerminateProcess, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, EncodePointer, RaiseException, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, OutputDebugStringW, HeapAlloc, HeapFree, FindClose, FindFirstFileExW, FindNextFileW, GetSystemTimeAsFileTime, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetFileType, GetStringTypeW, LCMapStringW, GetProcessHeap, HeapSize, HeapReAlloc, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, SetFilePointerEx, ReadFile, CreateFileW, CloseHandle, WriteConsoleW, DecodePointer, lstrcpynW, CreateEventW, WaitForSingleObjectEx, ResetEvent, GetCurrentThreadId, GetCurrentProcessId, IsValidCodePage, QueryPerformanceCounter, CreateDirectoryW, SizeofResource, lstrlenW, RemoveDirectoryW, GetTempPathW, FormatMessageW, LockResource, DeleteFileW, FindResourceExW, LoadResource, FindResourceW, HeapDestroy, LocalFree, VerSetConditionMask, CopyFileW, VerifyVersionInfoW, GetTempFileNameW, lstrcmpiW, UnmapViewOfFile, CreateFileMappingW, MapViewOfFile, VirtualQuery, SetFilePointer, WaitForSingleObject, CreateProcessW, GetExitCodeProcess, SetEvent
SHLWAPI.dll | PathQuoteSpacesW, PathAppendW, PathRemoveExtensionW, PathStripPathW
ADVAPI32.dll | RegCreateKeyExW, RegSetValueExW, RegCloseKey
ole32.dll | CoUninitialize, CoInitializeEx
SHELL32.dll | SHGetFolderPathW
USER32.dll | MessageBoxW, CharUpperBuffW, CharLowerBuffW
Language of compilation system | Country where language is spoken
English | United States
Arabic | Saudi Arabia
Bulgarian | Bulgaria
Catalan | Spain
Chinese | Taiwan
Czech | Czech Republic
Danish | Denmark
German | Germany
Greek | Greece
Finnish | Finland
French | France
Hebrew | Israel
Hungarian | Hungary
Icelandic | Iceland
Italian | Italy
Japanese | Japan
Korean | North Korea
Korean | South Korea
Dutch | Netherlands
Norwegian | Norway
Polish | Poland
Portuguese | Brazil
Romanian | Romania
Russian | Russia
Croatian | Croatia
Slovak | Slovakia
Swedish | Sweden
Thai | Thailand
Turkish | Turkey
Urdu | Pakistan
Urdu | India
Indonesian | Indonesia
Ukrainian | Ukrain
Slovenian | Slovenia
Estonian | Estonia
Latvian | Lativa
Lithuanian | Lithuania
Farsi | Iran
Farsi | Afganistan
Farsi | Tajikistan
Farsi | Uzbekistan
Vietnamese | Vietnam
Malay | Malaysia
Swahili | Kenya
Swahili | Mozambiq
Tamil | Sri Lanka
Kannada | Kanada
Amharic | Ethiopia
Filipino | Philippines
                                                                                                                                                                          ChineseChina
                                                                                                                                                                          EnglishGreat Britain
                                                                                                                                                                          SpanishMexico
                                                                                                                                                                          PortuguesePortugal
                                                                                                                                                                          SerbianCyrillic
                                                                                                                                                                          Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                                                                          Target ID:0
                                                                                                                                                                          Start time:10:13:57
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                          Imagebase:0x890000
                                                                                                                                                                          File size:1'446'992 bytes
                                                                                                                                                                          MD5 hash:E3E7498C2436A1570109FBE755AF1D40
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:1
                                                                                                                                                                          Start time:10:13:59
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:C:\Program Files (x86)\BraveSoftware\Temp\GUMCC5E.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none
                                                                                                                                                                          Imagebase:0xec0000
                                                                                                                                                                          File size:175'424 bytes
                                                                                                                                                                          MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                          • Detection: 0%, ReversingLabs
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:2
                                                                                                                                                                          Start time:10:14:01
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
                                                                                                                                                                          Imagebase:0x800000
                                                                                                                                                                          File size:175'424 bytes
                                                                                                                                                                          MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:3
                                                                                                                                                                          Start time:10:14:01
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
                                                                                                                                                                          Imagebase:0x800000
                                                                                                                                                                          File size:175'424 bytes
                                                                                                                                                                          MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:4
                                                                                                                                                                          Start time:10:14:01
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe"
                                                                                                                                                                          Imagebase:0x7ff744a00000
                                                                                                                                                                          File size:195'392 bytes
                                                                                                                                                                          MD5 hash:F2CA542F38E6B51EDB9790369117F54A
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:5
                                                                                                                                                                          Start time:10:14:02
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /c
                                                                                                                                                                          Imagebase:0x800000
                                                                                                                                                                          File size:175'424 bytes
                                                                                                                                                                          MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:6
                                                                                                                                                                          Start time:10:14:02
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource scheduler
                                                                                                                                                                          Imagebase:0x800000
                                                                                                                                                                          File size:175'424 bytes
                                                                                                                                                                          MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:7
                                                                                                                                                                          Start time:10:14:02
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe"
                                                                                                                                                                          Imagebase:0x7ff744a00000
                                                                                                                                                                          File size:195'392 bytes
                                                                                                                                                                          MD5 hash:F2CA542F38E6B51EDB9790369117F54A
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:8
                                                                                                                                                                          Start time:10:14:02
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /uninstall
                                                                                                                                                                          Imagebase:0x800000
                                                                                                                                                                          File size:175'424 bytes
                                                                                                                                                                          MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:9
                                                                                                                                                                          Start time:10:14:02
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe"
                                                                                                                                                                          Imagebase:0x7ff744a00000
                                                                                                                                                                          File size:195'392 bytes
                                                                                                                                                                          MD5 hash:F2CA542F38E6B51EDB9790369117F54A
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:10
                                                                                                                                                                          Start time:10:14:02
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping 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-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIzNTQ3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                                                                                                          Imagebase:0x800000
                                                                                                                                                                          File size:175'424 bytes
                                                                                                                                                                          MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:11
                                                                                                                                                                          Start time:10:14:03
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{56398D92-CFA9-462D-88F8-E214E10A2DA1}
                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                          File size:175'424 bytes
                                                                                                                                                                          MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:12
                                                                                                                                                                          Start time:10:14:03
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
                                                                                                                                                                          Imagebase:0x800000
                                                                                                                                                                          File size:175'424 bytes
                                                                                                                                                                          MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:13
                                                                                                                                                                          Start time:10:14:04
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                          Imagebase:0x7ff6eef20000
                                                                                                                                                                          File size:55'320 bytes
                                                                                                                                                                          MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          Target ID:14
                                                                                                                                                                          Start time:10:14:08
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe" -Embedding
                                                                                                                                                                          Imagebase:0xc70000
                                                                                                                                                                          File size:116'032 bytes
                                                                                                                                                                          MD5 hash:088EBFFD13539DBEF1204243C3558999
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:15
                                                                                                                                                                          Start time:10:14:09
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
                                                                                                                                                                          Imagebase:0x800000
                                                                                                                                                                          File size:175'424 bytes
                                                                                                                                                                          MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:16
                                                                                                                                                                          Start time:10:14:09
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                          Imagebase:0x7ff6b5b10000
                                                                                                                                                                          File size:834'512 bytes
                                                                                                                                                                          MD5 hash:CFE2E6942AC1B72981B3105E22D3224E
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          Target ID:17
                                                                                                                                                                          Start time:10:14:09
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7212 CREDAT:9474 /prefetch:2
                                                                                                                                                                          Imagebase:0x460000
                                                                                                                                                                          File size:828'368 bytes
                                                                                                                                                                          MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          Target ID:18
                                                                                                                                                                          Start time:10:14:10
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=20440
                                                                                                                                                                          Imagebase:0x7ff7e9650000
                                                                                                                                                                          File size:540'712 bytes
                                                                                                                                                                          MD5 hash:89CF8972D683795DAB6901BC9456675D
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:19
                                                                                                                                                                          Start time:10:14:10
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=20440
                                                                                                                                                                          Imagebase:0x7ff7e9650000
                                                                                                                                                                          File size:540'712 bytes
                                                                                                                                                                          MD5 hash:89CF8972D683795DAB6901BC9456675D
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:20
                                                                                                                                                                          Start time:10:14:10
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
                                                                                                                                                                          Imagebase:0x970000
                                                                                                                                                                          File size:85'632 bytes
                                                                                                                                                                          MD5 hash:F9A898A606E7F5A1CD7CFFA8079253A0
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:21
                                                                                                                                                                          Start time:10:14:10
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
                                                                                                                                                                          Imagebase:0x970000
                                                                                                                                                                          File size:85'632 bytes
                                                                                                                                                                          MD5 hash:F9A898A606E7F5A1CD7CFFA8079253A0
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:22
                                                                                                                                                                          Start time:10:14:10
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=20440
                                                                                                                                                                          Imagebase:0x7ff67dcd0000
                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          Target ID:23
                                                                                                                                                                          Start time:10:14:11
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2020,i,10732780522710542264,14033713983186495239,262144 /prefetch:3
                                                                                                                                                                          Imagebase:0x7ff67dcd0000
                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          Target ID:26
                                                                                                                                                                          Start time:10:14:17
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe" -Embedding
                                                                                                                                                                          Imagebase:0xc70000
                                                                                                                                                                          File size:116'032 bytes
                                                                                                                                                                          MD5 hash:088EBFFD13539DBEF1204243C3558999
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:27
                                                                                                                                                                          Start time:10:14:17
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
                                                                                                                                                                          Imagebase:0x800000
                                                                                                                                                                          File size:175'424 bytes
                                                                                                                                                                          MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:28
                                                                                                                                                                          Start time:10:14:17
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6052 --field-trial-handle=2020,i,10732780522710542264,14033713983186495239,262144 /prefetch:8
                                                                                                                                                                          Imagebase:0x7ff67dcd0000
                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:29
                                                                                                                                                                          Start time:10:14:18
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                          Imagebase:0x7ff6b5b10000
                                                                                                                                                                          File size:834'512 bytes
                                                                                                                                                                          MD5 hash:CFE2E6942AC1B72981B3105E22D3224E
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:31
                                                                                                                                                                          Start time:10:14:19
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7212 CREDAT:75012 /prefetch:2
                                                                                                                                                                          Imagebase:0x460000
                                                                                                                                                                          File size:828'368 bytes
                                                                                                                                                                          MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          Target ID:32
                                                                                                                                                                          Start time:10:14:20
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
                                                                                                                                                                          Imagebase:0x970000
                                                                                                                                                                          File size:85'632 bytes
                                                                                                                                                                          MD5 hash:F9A898A606E7F5A1CD7CFFA8079253A0
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:33
                                                                                                                                                                          Start time:10:14:20
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
                                                                                                                                                                          Imagebase:0x970000
                                                                                                                                                                          File size:85'632 bytes
                                                                                                                                                                          MD5 hash:F9A898A606E7F5A1CD7CFFA8079253A0
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:34
                                                                                                                                                                          Start time:10:14:24
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe" -Embedding
                                                                                                                                                                          Imagebase:0xc70000
                                                                                                                                                                          File size:116'032 bytes
                                                                                                                                                                          MD5 hash:088EBFFD13539DBEF1204243C3558999
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:35
                                                                                                                                                                          Start time:10:14:24
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
                                                                                                                                                                          Imagebase:0x800000
                                                                                                                                                                          File size:175'424 bytes
                                                                                                                                                                          MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:37
                                                                                                                                                                          Start time:10:14:24
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                          Imagebase:0x7ff6b5b10000
                                                                                                                                                                          File size:834'512 bytes
                                                                                                                                                                          MD5 hash:CFE2E6942AC1B72981B3105E22D3224E
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:39
                                                                                                                                                                          Start time:10:14:25
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7212 CREDAT:75018 /prefetch:2
                                                                                                                                                                          Imagebase:0x460000
                                                                                                                                                                          File size:828'368 bytes
                                                                                                                                                                          MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          Target ID:40
                                                                                                                                                                          Start time:10:14:30
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7212 CREDAT:1250584 /prefetch:2
                                                                                                                                                                          Imagebase:0x460000
                                                                                                                                                                          File size:828'368 bytes
                                                                                                                                                                          MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:41
                                                                                                                                                                          Start time:10:14:33
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateOnDemand.exe" -Embedding
                                                                                                                                                                          Imagebase:0xc70000
                                                                                                                                                                          File size:116'032 bytes
                                                                                                                                                                          MD5 hash:088EBFFD13539DBEF1204243C3558999
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:42
                                                                                                                                                                          Start time:10:14:33
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
                                                                                                                                                                          Imagebase:0x800000
                                                                                                                                                                          File size:175'424 bytes
                                                                                                                                                                          MD5 hash:7ACF578621988C8B80F4D7EF7A12B89F
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:43
                                                                                                                                                                          Start time:10:14:34
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=4236 --field-trial-handle=2020,i,10732780522710542264,14033713983186495239,262144 /prefetch:8
                                                                                                                                                                          Imagebase:0x7ff6cb800000
                                                                                                                                                                          File size:1'255'976 bytes
                                                                                                                                                                          MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:44
                                                                                                                                                                          Start time:10:14:34
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=4236 --field-trial-handle=2020,i,10732780522710542264,14033713983186495239,262144 /prefetch:8
                                                                                                                                                                          Imagebase:0x7ff6cb800000
                                                                                                                                                                          File size:1'255'976 bytes
                                                                                                                                                                          MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:45
                                                                                                                                                                          Start time:10:14:34
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                          Imagebase:0x7ff6b5b10000
                                                                                                                                                                          File size:834'512 bytes
                                                                                                                                                                          MD5 hash:CFE2E6942AC1B72981B3105E22D3224E
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:46
                                                                                                                                                                          Start time:10:14:34
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7212 CREDAT:9482 /prefetch:2
                                                                                                                                                                          Imagebase:0x460000
                                                                                                                                                                          File size:828'368 bytes
                                                                                                                                                                          MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          Target ID:47
                                                                                                                                                                          Start time:10:14:45
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                                                                                                                          Imagebase:0x7ff67dcd0000
                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:48
                                                                                                                                                                          Start time:10:14:45
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=2000,i,3705036646907235618,15177434978570065286,262144 /prefetch:3
                                                                                                                                                                          Imagebase:0x7ff67dcd0000
                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:49
                                                                                                                                                                          Start time:10:14:46
                                                                                                                                                                          Start date:18/03/2024
                                                                                                                                                                          Path:C:\Program Files (x86)\BraveSoftware\Update\Install\{4F196A2A-B4D3-469B-B59C-F68107B39DD0}\brave_installer-x64.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Program Files (x86)\BraveSoftware\Update\Install\{4F196A2A-B4D3-469B-B59C-F68107B39DD0}\brave_installer-x64.exe" --do-not-launch-chrome /installerdata="C:\Windows\TEMP\gui8936.tmp
                                                                                                                                                                          Imagebase:0x7ff7e4980000
                                                                                                                                                                          File size:124'775'448 bytes
                                                                                                                                                                          MD5 hash:40976C35E6CA27871F134A8A2FCAFC21
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Has exited:true

                                                                                                                                                                            Execution Graph

                                                                                                                                                                            Execution Coverage:10%
                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                            Signature Coverage:7%
                                                                                                                                                                            Total number of Nodes:2000
                                                                                                                                                                            Total number of Limit Nodes:29
GetLastError 13550->13551 13552 891e62 13550->13552 13551->13552 13561 891e5e 13551->13561 13553 892bff 59 API calls 13552->13553 13554 891e6a 13553->13554 13555 892c26 RaiseException 13554->13555 13556 891e80 GetTempFileNameW 13555->13556 13557 8928b9 44 API calls 13556->13557 13558 891e9c 13557->13558 13560 891ea5 DeleteFileW CreateDirectoryW 13558->13560 13564 891ecb 13558->13564 13559 892f5f RtlFreeHeap 13559->13561 13562 891ebc 13560->13562 13560->13564 13561->13343 13565 892aef 13561->13565 13563 892aef 14 API calls 13562->13563 13563->13564 13564->13559 13566 892b07 13565->13566 13568 892b1b 13565->13568 13567 892f7a 14 API calls 13566->13567 13566->13568 13567->13568 13568->13343 13571 89294f 13569->13571 13575 89295f 13569->13575 13570 892095 13570->13361 13573 8929bf 13571->13573 13571->13575 13572 892f7a 14 API calls 13572->13570 13574 89103b RaiseException 13573->13574 13576 8929c9 13574->13576 13575->13570 13575->13572 13578 892399 13577->13578 13589 892391 13577->13589 13591 896440 13578->13591 13581 897182 CatchGuardHandler 5 API calls 13583 892103 13581->13583 13582 8a879b 3 API calls 13584 892400 13582->13584 13583->13369 13583->13370 13585 8a879b 3 API calls 13584->13585 13584->13589 13586 8924b8 13585->13586 13597 8964b6 13586->13597 13589->13581 13590 8924ff WriteFile 13590->13589 13592 896454 13591->13592 13593 8923c7 13592->13593 13601 8963ed 13592->13601 13593->13582 13600 89651a 13597->13600 13598 897182 CatchGuardHandler 5 API calls 13599 8924ed 13598->13599 13599->13589 13599->13590 13600->13598 13602 89640c 13601->13602 13603 896427 13602->13603 13604 89234d 3 API calls 13602->13604 13603->13593 13605 89234d 13603->13605 13604->13603 13606 8a879b 3 API calls 13605->13606 13607 892358 13606->13607 13607->13593 13609 893562 ReadFile 13608->13609 13609->13380 13609->13391 13632 892da5 13610->13632 13613 89378d 13617 8937b4 13613->13617 13618 8937a6 13613->13618 13614 8937d7 13615 89103b RaiseException 13614->13615 13616 8937e1 13615->13616 
13619 892dc4 46 API calls 13617->13619 13620 8929de 51 API calls 13618->13620 13621 8937b2 13619->13621 13620->13621 13636 892ca8 13621->13636 13624 892f5f RtlFreeHeap 13625 893618 13624->13625 13625->13385 13627 8a9ae7 ___std_exception_copy 13626->13627 13648 89d05a 13627->13648 13629 8a9b08 13630 89bce0 ___std_exception_copy 43 API calls 13629->13630 13631 893663 SetFilePointer 13630->13631 13631->13393 13631->13394 13633 892dae 13632->13633 13634 8911d5 58 API calls 13633->13634 13635 892dbc 13633->13635 13634->13635 13635->13613 13635->13614 13637 892d2b 13636->13637 13640 892cce 13636->13640 13638 89103b RaiseException 13637->13638 13639 892d35 13638->13639 13640->13637 13641 892cf4 13640->13641 13642 892c26 RaiseException 13641->13642 13643 892d01 13642->13643 13644 893024 14 API calls 13643->13644 13645 892d17 13644->13645 13646 892e7d 44 API calls 13645->13646 13647 892d24 13646->13647 13647->13624 13662 89cf1b 13648->13662 13650 89d0b4 13656 89d0d8 13650->13656 13669 89cec0 13650->13669 13651 89d06c 13651->13650 13652 89d081 13651->13652 13661 89d09c 13651->13661 13653 89db83 ___std_exception_copy 29 API calls 13652->13653 13653->13661 13658 89d0fc 13656->13658 13676 89d2a1 13656->13676 13657 89d184 13659 89ce69 43 API calls 13657->13659 13658->13657 13683 89ce69 13658->13683 13659->13661 13661->13629 13663 89cf20 13662->13663 13664 89cf33 13662->13664 13665 89dcfe __dosmaperr 14 API calls 13663->13665 13664->13651 13666 89cf25 13665->13666 13667 89dc00 ___std_exception_copy 43 API calls 13666->13667 13668 89cf30 13667->13668 13668->13651 13670 89bee0 ___std_exception_copy 43 API calls 13669->13670 13671 89ced0 13670->13671 13689 8a14f9 13671->13689 13677 89d2ad 13676->13677 13678 89d2c3 13676->13678 13697 89fac4 13677->13697 13680 89d2d3 13678->13680 13702 8a2241 13678->13702 13680->13656 13681 89d2b8 13681->13656 13684 89ce7a 13683->13684 13685 89ce8e 13683->13685 13684->13685 13686 89dcfe __dosmaperr 14 API calls 13684->13686 13685->13657 13687 89ce83 
13686->13687 13688 89dc00 ___std_exception_copy 43 API calls 13687->13688 13688->13685 13690 8a1510 13689->13690 13691 89ceed 13689->13691 13690->13691 13692 8a0200 ___scrt_uninitialize_crt 43 API calls 13690->13692 13693 8a1557 13691->13693 13692->13691 13694 8a156e 13693->13694 13695 89cefa 13693->13695 13694->13695 13696 89edc5 ___scrt_uninitialize_crt 43 API calls 13694->13696 13695->13656 13696->13695 13698 89d6f0 _unexpected 43 API calls 13697->13698 13699 89facf 13698->13699 13700 8a14cc 43 API calls 13699->13700 13701 89fadf 13700->13701 13701->13681 13703 89e408 43 API calls 13702->13703 13704 8a225e 13703->13704 13705 89fe0e 46 API calls 13704->13705 13708 8a226e 13704->13708 13705->13708 13706 897182 CatchGuardHandler 5 API calls 13707 8a230a 13706->13707 13707->13680 13708->13706 13710 8934e2 3 API calls 13709->13710 13711 893459 CreateFileW 13710->13711 13712 89347c CreateFileMappingW 13711->13712 13718 8934c0 13711->13718 13713 893490 MapViewOfFile 13712->13713 13714 8934d3 13712->13714 13715 8934ca CloseHandle 13713->13715 13716 8934a5 VirtualQuery 13713->13716 13717 8934e2 3 API calls 13714->13717 13715->13714 13716->13715 13716->13718 13717->13718 13718->13432 13720 8934f8 13719->13720 13721 8934eb UnmapViewOfFile 13719->13721 13722 89350b 13720->13722 13723 8934fe CloseHandle 13720->13723 13721->13720 13724 89351e 13722->13724 13725 893511 CloseHandle 13722->13725 13723->13722 13724->13428 13725->13724 13727 892e2a 13726->13727 13728 892e37 13726->13728 13727->13728 13731 892e3e 13727->13731 13729 89103b RaiseException 13728->13729 13730 892e77 13729->13730 13731->13730 13732 892e7d 44 API calls 13731->13732 13733 892e56 13732->13733 13734 893024 14 API calls 13733->13734 13735 892e63 13734->13735 13735->13441 13739 892910 13736->13739 13740 892930 13736->13740 13737 892f5f RtlFreeHeap 13737->13739 13739->13737 13741 892928 13739->13741 13742 89a800 13741->13742 13743 89dd6e __freea 14 API calls 13742->13743 13744 89a818 13743->13744 13744->13740 
13746 89965d RaiseException 13745->13746 13747 899630 13745->13747 13746->13508 13747->13746 13749 89cfec ___std_exception_copy 13748->13749 13754 89aa52 13749->13754 13752 89bce0 ___std_exception_copy 43 API calls 13753 89153a 13752->13753 13753->13520 13755 89aa7e 13754->13755 13756 89aaa1 13754->13756 13757 89db83 ___std_exception_copy 29 API calls 13755->13757 13756->13755 13759 89aaa9 13756->13759 13763 89aa96 13757->13763 13758 897182 CatchGuardHandler 5 API calls 13760 89abd3 13758->13760 13765 89c206 13759->13765 13760->13752 13763->13758 13778 89cf36 13765->13778 13768 89c229 13769 89db83 ___std_exception_copy 29 API calls 13768->13769 13770 89ab2a 13769->13770 13775 89bd1c 13770->13775 13771 89c253 13771->13770 13782 89bf3c 13771->13782 13785 89c446 13771->13785 13826 89c5d4 13771->13826 13776 89dd6e __freea 14 API calls 13775->13776 13777 89bd2c 13776->13777 13777->13763 13779 89c21b 13778->13779 13780 89cf41 13778->13780 13779->13768 13779->13770 13779->13771 13781 89db83 ___std_exception_copy 29 API calls 13780->13781 13781->13779 13862 89ae3d 13782->13862 13784 89bf79 13784->13771 13786 89c46c 13785->13786 13787 89c454 13785->13787 13788 89db83 ___std_exception_copy 29 API calls 13786->13788 13791 89c4ad 13786->13791 13789 89c66e 13787->13789 13790 89c5fe 13787->13790 13787->13791 13794 89c4a1 13788->13794 13792 89c6c1 13789->13792 13793 89c673 13789->13793 13795 89c69b 13790->13795 13796 89c604 13790->13796 13791->13771 13799 89c625 13792->13799 13800 89c6ca 13792->13800 13797 89c6b5 13793->13797 13798 89c675 13793->13798 13794->13771 13903 89b5ac 13795->13903 13801 89c64b 13796->13801 13804 89c60a 13796->13804 13808 89c640 13796->13808 13920 89cd8b 13797->13920 13802 89c6a9 13798->13802 13803 89c67a 13798->13803 13825 89c639 13799->13825 13878 89cda1 13799->13878 13800->13795 13800->13808 13801->13802 13811 89c655 13801->13811 13821 89c631 13801->13821 13910 89caa3 13802->13910 13803->13795 13809 89c67f 13803->13809 13804->13802 13804->13811 13814 
89c617 13804->13814 13808->13825 13882 89b72e 13808->13882 13812 89c692 13809->13812 13813 89c684 13809->13813 13811->13825 13889 89cc43 13811->13889 13899 89ccea 13812->13899 13813->13825 13895 89cd6e 13813->13895 13814->13799 13814->13802 13814->13825 13817 897182 CatchGuardHandler 5 API calls 13820 89c9f3 13817->13820 13820->13771 13822 89cec0 ___scrt_uninitialize_crt 43 API calls 13821->13822 13824 89c8d7 13821->13824 13821->13825 13822->13824 13824->13825 13923 8a20d2 13824->13923 13825->13817 13827 89c66e 13826->13827 13828 89c5fe 13826->13828 13829 89c6c1 13827->13829 13830 89c673 13827->13830 13831 89c69b 13828->13831 13832 89c604 13828->13832 13835 89c625 13829->13835 13836 89c6ca 13829->13836 13833 89c6b5 13830->13833 13834 89c675 13830->13834 13844 89b5ac 30 API calls 13831->13844 13837 89c64b 13832->13837 13842 89c60a 13832->13842 13843 89c640 13832->13843 13841 89cd8b 30 API calls 13833->13841 13839 89c6a9 13834->13839 13840 89c67a 13834->13840 13838 89cda1 43 API calls 13835->13838 13861 89c639 13835->13861 13836->13831 13836->13843 13837->13839 13847 89c655 13837->13847 13859 89c631 13837->13859 13838->13859 13845 89caa3 46 API calls 13839->13845 13840->13831 13846 89c67f 13840->13846 13841->13859 13842->13839 13842->13847 13851 89c617 13842->13851 13850 89b72e 30 API calls 13843->13850 13843->13861 13844->13859 13845->13859 13848 89c692 13846->13848 13849 89c684 13846->13849 13854 89cc43 44 API calls 13847->13854 13847->13861 13853 89ccea 29 API calls 13848->13853 13856 89cd6e 30 API calls 13849->13856 13849->13861 13850->13859 13851->13835 13851->13839 13851->13861 13852 897182 CatchGuardHandler 5 API calls 13855 89c9f3 13852->13855 13853->13859 13854->13859 13855->13771 13856->13859 13857 89cec0 ___scrt_uninitialize_crt 43 API calls 13860 89c8d7 13857->13860 13858 8a20d2 ___scrt_uninitialize_crt 44 API calls 13858->13860 13859->13857 13859->13860 13859->13861 13860->13858 13860->13861 13861->13852 13863 89cf1b 43 API calls 13862->13863 13865 
89ae53 13863->13865 13864 89ae68 13866 89db83 ___std_exception_copy 29 API calls 13864->13866 13865->13864 13869 89ae9b 13865->13869 13871 89ae83 13865->13871 13866->13871 13867 89b19a 13868 89ce92 43 API calls 13867->13868 13868->13871 13869->13867 13872 89ce92 13869->13872 13871->13784 13873 89cebc 13872->13873 13874 89cea7 13872->13874 13873->13867 13874->13873 13875 89dcfe __dosmaperr 14 API calls 13874->13875 13876 89ceb1 13875->13876 13877 89dc00 ___std_exception_copy 43 API calls 13876->13877 13877->13873 13879 89cdbd 13878->13879 13881 89cddb 13879->13881 13935 89ce14 13879->13935 13881->13821 13883 89b742 13882->13883 13884 89b764 13883->13884 13886 89b78b 13883->13886 13885 89db83 ___std_exception_copy 29 API calls 13884->13885 13888 89b781 13885->13888 13886->13888 13939 89ad21 13886->13939 13888->13821 13890 89cc6f 13889->13890 13891 89cc8b 13890->13891 13892 89cec0 ___scrt_uninitialize_crt 43 API calls 13890->13892 13893 89ccac 13890->13893 13894 8a20d2 ___scrt_uninitialize_crt 44 API calls 13891->13894 13892->13891 13893->13821 13894->13893 13896 89cd7a 13895->13896 13953 89b42a 13896->13953 13898 89cd8a 13898->13821 13900 89ccff 13899->13900 13901 89db83 ___std_exception_copy 29 API calls 13900->13901 13902 89cd20 13900->13902 13901->13902 13902->13821 13904 89b5c0 13903->13904 13905 89b5e2 13904->13905 13907 89b609 13904->13907 13906 89db83 ___std_exception_copy 29 API calls 13905->13906 13909 89b5ff 13906->13909 13908 89ad21 15 API calls 13907->13908 13907->13909 13908->13909 13909->13821 13911 89cac4 13910->13911 13960 89aca0 13911->13960 13913 89cb08 13971 8a1f51 13913->13971 13916 89cbb5 13918 89cec0 ___scrt_uninitialize_crt 43 API calls 13916->13918 13919 89cbf1 13916->13919 13917 89cec0 ___scrt_uninitialize_crt 43 API calls 13917->13916 13918->13919 13919->13821 13919->13919 13921 89b72e 30 API calls 13920->13921 13922 89cda0 13921->13922 13922->13821 13925 8a20e6 13923->13925 13932 8a20f6 13923->13932 13924 8a211b 13927 8a214f 13924->13927 
13928 8a212c 13924->13928 13925->13924 13926 89cec0 ___scrt_uninitialize_crt 43 API calls 13925->13926 13925->13932 13926->13924 13930 8a21cb 13927->13930 13931 8a2177 13927->13931 13927->13932 14032 8a570a 13928->14032 13933 89f0e2 ___scrt_uninitialize_crt MultiByteToWideChar 13930->13933 13931->13932 13934 89f0e2 ___scrt_uninitialize_crt MultiByteToWideChar 13931->13934 13932->13824 13933->13932 13934->13932 13936 89ce27 13935->13936 13938 89ce2e 13935->13938 13937 89cec0 ___scrt_uninitialize_crt 43 API calls 13936->13937 13937->13938 13938->13881 13940 89ad48 13939->13940 13941 89ad36 13939->13941 13940->13941 13942 89fae8 15 API calls 13940->13942 13941->13888 13943 89ad6d 13942->13943 13944 89ad80 13943->13944 13945 89ad75 13943->13945 13950 89bd36 13944->13950 13946 89dd6e __freea 14 API calls 13945->13946 13946->13941 13949 89dd6e __freea 14 API calls 13949->13941 13951 89dd6e __freea 14 API calls 13950->13951 13952 89ad8b 13951->13952 13952->13949 13954 89b43e 13953->13954 13955 89b460 13954->13955 13959 89b487 13954->13959 13956 89db83 ___std_exception_copy 29 API calls 13955->13956 13957 89b47d 13956->13957 13957->13898 13958 89ad21 15 API calls 13958->13957 13959->13957 13959->13958 13961 89acc7 13960->13961 13962 89acb5 13960->13962 13961->13962 13963 89fae8 15 API calls 13961->13963 13962->13913 13964 89aceb 13963->13964 13965 89acfe 13964->13965 13966 89acf3 13964->13966 13967 89bd36 14 API calls 13965->13967 13968 89dd6e __freea 14 API calls 13966->13968 13969 89ad09 13967->13969 13968->13962 13970 89dd6e __freea 14 API calls 13969->13970 13970->13962 13972 8a1f86 13971->13972 13974 8a1f62 13971->13974 13973 8a1fb9 13972->13973 13972->13974 13976 8a1ff2 13973->13976 13977 8a2021 13973->13977 13975 89db83 ___std_exception_copy 29 API calls 13974->13975 13984 89cb92 13975->13984 13990 8a1df5 13976->13990 13978 8a204a 13977->13978 13979 8a204f 13977->13979 13982 8a20b1 13978->13982 13983 8a2077 13978->13983 13998 8a168d 13979->13998 14025 8a19b9 
13982->14025 13985 8a207c 13983->13985 13986 8a2097 13983->13986 13984->13916 13984->13917 14008 8a1d26 13985->14008 14018 8a1ba2 13986->14018 13991 8a1e0b 13990->13991 13992 8a1e16 13990->13992 13991->13984 13993 89a826 ___std_exception_copy 43 API calls 13992->13993 13994 8a1e71 13993->13994 13999 8a16a0 13998->13999 14035 8a633d 14032->14035 14038 8a6368 ___scrt_uninitialize_crt 14035->14038 14036 897182 CatchGuardHandler 5 API calls 14037 8a5725 14036->14037 14037->13932 14038->14036 14040 892da5 58 API calls 14039->14040 14041 89325a 14040->14041 14042 8932a4 14041->14042 14045 8929de 51 API calls 14041->14045 14043 89103b RaiseException 14042->14043 14044 8932b5 GetLastError SetLastError FormatMessageW 14043->14044 14048 8932fb GetLastError 14044->14048 14049 893305 SetLastError 14044->14049 14047 893276 14045->14047 14047->14042 14052 893283 14047->14052 14048->14049 14054 8933c1 14048->14054 14050 8933aa 14049->14050 14055 893315 14049->14055 14051 892c62 44 API calls 14050->14051 14053 8933b1 LocalFree 14051->14053 14057 892f5f RtlFreeHeap 14052->14057 14053->13074 14055->14050 14056 893326 14055->14056 14058 892c26 RaiseException 14056->14058 14059 8932a2 14057->14059 14060 89333d 14058->14060 14059->13074 14061 89334b 14060->14061 14062 893393 14060->14062 14064 89335c 14061->14064 14068 893372 14061->14068 14070 89336c __InternalCxxFrameHandler 14061->14070 14063 893024 14 API calls 14062->14063 14063->14070 14066 89dcfe __dosmaperr 14 API calls 14064->14066 14065 892e7d 44 API calls 14067 8933a8 14065->14067 14069 893361 14066->14069 14067->14053 14068->14070 14071 89dcfe __dosmaperr 14 API calls 14068->14071 14072 89dc00 ___std_exception_copy 43 API calls 14069->14072 14070->14065 14071->14069 14072->14070 14074 89a740 14073->14074 14077 89a752 ___scrt_uninitialize_crt 14073->14077 14075 89a74e 14074->14075 14078 8a0e63 14074->14078 14075->12503 14077->12503 14081 8a0cf0 14078->14081 14084 8a0c44 14081->14084 14085 8a0c50 
__FrameHandler3::FrameUnwindToState 14084->14085 14092 89f32d EnterCriticalSection 14085->14092 14087 8a0c5a ___scrt_uninitialize_crt 14088 8a0cc6 14087->14088 14093 8a0bb8 14087->14093 14101 8a0ce4 14088->14101 14092->14087 14094 8a0bc4 __FrameHandler3::FrameUnwindToState 14093->14094 14104 8a0f80 EnterCriticalSection 14094->14104 14096 8a0c1a 14118 8a0c38 14096->14118 14097 8a0bce ___scrt_uninitialize_crt 14097->14096 14105 8a0dfe 14097->14105 14220 89f375 LeaveCriticalSection 14101->14220 14103 8a0cd2 14103->14075 14104->14097 14106 8a0e13 ___std_exception_copy 14105->14106 14107 8a0e1a 14106->14107 14108 8a0e25 14106->14108 14109 8a0cf0 ___scrt_uninitialize_crt 72 API calls 14107->14109 14121 8a0d95 14108->14121 14111 8a0e20 14109->14111 14113 89bce0 ___std_exception_copy 43 API calls 14111->14113 14114 8a0e5d 14113->14114 14114->14096 14116 8a0e46 14134 8a2df3 14116->14134 14219 8a0f94 LeaveCriticalSection 14118->14219 14120 8a0c26 14120->14087 14122 8a0dae 14121->14122 14123 8a0dd5 14121->14123 14122->14123 14124 8a2205 ___scrt_uninitialize_crt 43 API calls 14122->14124 14123->14111 14127 8a2205 14123->14127 14125 8a0dca 14124->14125 14145 8a361e 14125->14145 14128 8a2211 14127->14128 14129 8a2226 14127->14129 14130 89dcfe __dosmaperr 14 API calls 14128->14130 14129->14116 14131 8a2216 14130->14131 14132 89dc00 ___std_exception_copy 43 API calls 14131->14132 14133 8a2221 14132->14133 14133->14116 14135 8a2e11 14134->14135 14136 8a2e04 14134->14136 14138 8a2e5a 14135->14138 14141 8a2e38 14135->14141 14137 89dcfe __dosmaperr 14 API calls 14136->14137 14144 8a2e09 14137->14144 14139 89dcfe __dosmaperr 14 API calls 14138->14139 14140 8a2e5f 14139->14140 14142 89dc00 ___std_exception_copy 43 API calls 14140->14142 14186 8a2d51 14141->14186 14142->14144 14144->14111 14147 8a362a __FrameHandler3::FrameUnwindToState 14145->14147 14146 8a36ee 14148 89db83 ___std_exception_copy 29 API calls 14146->14148 14147->14146 14149 8a367f 14147->14149 14155 8a3632 14147->14155 
14148->14155 14156 89f50b EnterCriticalSection 14149->14156 14151 8a3685 14152 8a36a2 14151->14152 14157 8a3726 14151->14157 14183 8a36e6 14152->14183 14155->14123 14156->14151 14158 8a374b 14157->14158 14181 8a376e ___scrt_uninitialize_crt 14157->14181 14159 8a374f 14158->14159 14161 8a37ad 14158->14161 14160 89db83 ___std_exception_copy 29 API calls 14159->14160 14160->14181 14162 8a37c4 14161->14162 14163 8a58f4 ___scrt_uninitialize_crt 45 API calls 14161->14163 14164 8a32aa ___scrt_uninitialize_crt 44 API calls 14162->14164 14163->14162 14165 8a37ce 14164->14165 14166 8a3814 14165->14166 14167 8a37d4 14165->14167 14168 8a3828 14166->14168 14169 8a3877 WriteFile 14166->14169 14170 8a37db 14167->14170 14171 8a37fe 14167->14171 14172 8a3830 14168->14172 14173 8a3865 14168->14173 14174 8a3899 GetLastError 14169->14174 14169->14181 14178 8a3242 ___scrt_uninitialize_crt 6 API calls 14170->14178 14170->14181 14175 8a2e70 ___scrt_uninitialize_crt 49 API calls 14171->14175 14176 8a3853 14172->14176 14177 8a3835 14172->14177 14179 8a3328 ___scrt_uninitialize_crt 7 API calls 14173->14179 14174->14181 14175->14181 14180 8a34ec ___scrt_uninitialize_crt 8 API calls 14176->14180 14177->14181 14182 8a3403 ___scrt_uninitialize_crt 7 API calls 14177->14182 14178->14181 14179->14181 14180->14181 14181->14152 14182->14181 14184 89f52e ___scrt_uninitialize_crt LeaveCriticalSection 14183->14184 14185 8a36ec 14184->14185 14185->14155 14187 8a2d5d __FrameHandler3::FrameUnwindToState 14186->14187 14199 89f50b EnterCriticalSection 14187->14199 14189 8a2d6c 14190 8a2db1 14189->14190 14200 89f5e2 14189->14200 14191 89dcfe __dosmaperr 14 API calls 14190->14191 14193 8a2db8 14191->14193 14216 8a2de7 14193->14216 14194 8a2d98 FlushFileBuffers 14194->14193 14195 8a2da4 GetLastError 14194->14195 14213 89dceb 14195->14213 14199->14189 14201 89f5ef 14200->14201 14202 89f604 14200->14202 14203 89dceb __dosmaperr 14 API calls 14201->14203 14205 89dceb __dosmaperr 14 API calls 14202->14205 14208 
89f629 14202->14208 14204 89f5f4 14203->14204 14207 89dcfe __dosmaperr 14 API calls 14204->14207 14206 89f634 14205->14206 14209 89dcfe __dosmaperr 14 API calls 14206->14209 14210 89f5fc 14207->14210 14208->14194 14211 89f63c 14209->14211 14210->14194 14212 89dc00 ___std_exception_copy 43 API calls 14211->14212 14212->14210 14214 89d841 __dosmaperr 14 API calls 14213->14214 14215 89dcf0 14214->14215 14215->14190 14217 89f52e ___scrt_uninitialize_crt LeaveCriticalSection 14216->14217 14218 8a2dd0 14217->14218 14218->14144 14219->14120 14220->14103 15020 89a221 15023 89a186 15020->15023 15024 89a192 __FrameHandler3::FrameUnwindToState 15023->15024 15031 89f32d EnterCriticalSection 15024->15031 15026 89a1ca 15032 89a1e8 15026->15032 15027 89a19c 15027->15026 15030 8a0281 ___scrt_uninitialize_crt 14 API calls 15027->15030 15030->15027 15031->15027 15035 89f375 LeaveCriticalSection 15032->15035 15034 89a1d6 15035->15034 14763 89d5b7 14764 89d5c2 14763->14764 14768 89d5d2 14763->14768 14769 89d5d8 14764->14769 14767 89dd6e __freea 14 API calls 14767->14768 14770 89d5ed 14769->14770 14771 89d5f3 14769->14771 14773 89dd6e __freea 14 API calls 14770->14773 14772 89dd6e __freea 14 API calls 14771->14772 14774 89d5ff 14772->14774 14773->14771 14775 89dd6e __freea 14 API calls 14774->14775 14776 89d60a 14775->14776 14777 89dd6e __freea 14 API calls 14776->14777 14778 89d615 14777->14778 14779 89dd6e __freea 14 API calls 14778->14779 14780 89d620 14779->14780 14781 89dd6e __freea 14 API calls 14780->14781 14782 89d62b 14781->14782 14783 89dd6e __freea 14 API calls 14782->14783 14784 89d636 14783->14784 14785 89dd6e __freea 14 API calls 14784->14785 14786 89d641 14785->14786 14787 89dd6e __freea 14 API calls 14786->14787 14788 89d64c 14787->14788 14789 89dd6e __freea 14 API calls 14788->14789 14790 89d65a 14789->14790 14795 89d404 14790->14795 14796 89d410 __FrameHandler3::FrameUnwindToState 14795->14796 14811 89f32d EnterCriticalSection 14796->14811 14798 89d444 14812 89d463 
14798->14812 14801 89d41a 14801->14798 14802 89dd6e __freea 14 API calls 14801->14802 14802->14798 14803 89d46f 14804 89d47b __FrameHandler3::FrameUnwindToState 14803->14804 14816 89f32d EnterCriticalSection 14804->14816 14806 89d485 14807 89d6a5 __dosmaperr 14 API calls 14806->14807 14808 89d498 14807->14808 14817 89d4b8 14808->14817 14811->14801 14815 89f375 LeaveCriticalSection 14812->14815 14814 89d451 14814->14803 14815->14814 14816->14806 14820 89f375 LeaveCriticalSection 14817->14820 14819 89d4a6 14819->14767 14820->14819 15098 8a0f34 15099 8a0e63 ___scrt_uninitialize_crt 72 API calls 15098->15099 15100 8a0f3c 15099->15100 15108 8a3926 15100->15108 15102 8a0f41 15118 8a39d1 15102->15118 15105 8a0f6b 15106 89dd6e __freea 14 API calls 15105->15106 15107 8a0f76 15106->15107 15109 8a3932 __FrameHandler3::FrameUnwindToState 15108->15109 15122 89f32d EnterCriticalSection 15109->15122 15111 8a39a9 15129 8a39c8 15111->15129 15112 8a393d 15112->15111 15115 8a397d DeleteCriticalSection 15112->15115 15123 8a5a69 15112->15123 15117 89dd6e __freea 14 API calls 15115->15117 15117->15112 15119 8a39e8 15118->15119 15121 8a0f50 DeleteCriticalSection 15118->15121 15120 89dd6e __freea 14 API calls 15119->15120 15119->15121 15120->15121 15121->15102 15121->15105 15122->15112 15124 8a5a7c ___std_exception_copy 15123->15124 15132 8a5944 15124->15132 15126 8a5a88 15127 89bce0 ___std_exception_copy 43 API calls 15126->15127 15128 8a5a94 15127->15128 15128->15112 15204 89f375 LeaveCriticalSection 15129->15204 15131 8a39b5 15131->15102 15133 8a5950 __FrameHandler3::FrameUnwindToState 15132->15133 15134 8a595a 15133->15134 15135 8a597d 15133->15135 15136 89db83 ___std_exception_copy 29 API calls 15134->15136 15138 8a5975 15135->15138 15143 8a0f80 EnterCriticalSection 15135->15143 15136->15138 15138->15126 15139 8a599b 15144 8a59db 15139->15144 15141 8a59a8 15158 8a59d3 15141->15158 15143->15139 15145 8a5a0b 15144->15145 15146 8a59e8 15144->15146 15148 8a0d95 ___scrt_uninitialize_crt 
68 API calls 15145->15148 15157 8a5a03 15145->15157 15147 89db83 ___std_exception_copy 29 API calls 15146->15147 15147->15157 15149 8a5a23 15148->15149 15150 8a39d1 14 API calls 15149->15150 15151 8a5a2b 15150->15151 15152 8a2205 ___scrt_uninitialize_crt 43 API calls 15151->15152 15153 8a5a37 15152->15153 15161 8a669c 15153->15161 15156 89dd6e __freea 14 API calls 15156->15157 15157->15141 15203 8a0f94 LeaveCriticalSection 15158->15203 15160 8a59d9 15160->15138 15162 8a5a3e 15161->15162 15163 8a66c5 15161->15163 15162->15156 15162->15157 15164 8a6714 15163->15164 15166 8a66ec 15163->15166 15165 89db83 ___std_exception_copy 29 API calls 15164->15165 15165->15162 15168 8a660b 15166->15168 15169 8a6617 __FrameHandler3::FrameUnwindToState 15168->15169 15176 89f50b EnterCriticalSection 15169->15176 15171 8a6625 15172 8a6656 15171->15172 15177 8a673f 15171->15177 15190 8a6690 15172->15190 15176->15171 15178 89f5e2 ___scrt_uninitialize_crt 43 API calls 15177->15178 15180 8a674f 15178->15180 15179 8a6755 15193 89f551 15179->15193 15180->15179 15181 8a6787 15180->15181 15183 89f5e2 ___scrt_uninitialize_crt 43 API calls 15180->15183 15181->15179 15184 89f5e2 ___scrt_uninitialize_crt 43 API calls 15181->15184 15185 8a677e 15183->15185 15186 8a6793 CloseHandle 15184->15186 15187 89f5e2 ___scrt_uninitialize_crt 43 API calls 15185->15187 15186->15179 15188 8a679f GetLastError 15186->15188 15187->15181 15188->15179 15189 8a67ad ___scrt_uninitialize_crt 15189->15172 15202 89f52e LeaveCriticalSection 15190->15202 15192 8a6679 15192->15162 15194 89f560 15193->15194 15195 89f5c7 15193->15195 15194->15195 15201 89f58a 15194->15201 15196 89dcfe __dosmaperr 14 API calls 15195->15196 15197 89f5cc 15196->15197 15198 89dceb __dosmaperr 14 API calls 15197->15198 15199 89f5b7 15198->15199 15199->15189 15200 89f5b1 SetStdHandle 15200->15199 15201->15199 15201->15200 15202->15192 15203->15160 15204->15131 12371 892fcd 12372 892fde 12371->12372 12373 892fe7 12372->12373 12376 892ff1 
12372->12376 12378 8930d0 12373->12378 12375 892fef 12376->12375 12385 893098 12376->12385 12379 8930ef 12378->12379 12389 8912ad 12379->12389 12381 893144 12383 89311b 12383->12375 12386 8930bb 12385->12386 12387 8930ac 12385->12387 12386->12375 12387->12386 12400 89131f 12387->12400 12390 8912f2 12389->12390 12391 8912bb 12389->12391 12390->12381 12393 893024 12390->12393 12391->12390 12399 891138 RtlAllocateHeap 12391->12399 12394 893036 12393->12394 12397 893059 __InternalCxxFrameHandler 12393->12397 12395 89dcfe __dosmaperr 14 API calls 12394->12395 12396 89303f CallUnexpected 12394->12396 12395->12396 12396->12397 12398 89dcfe 14 API calls __dosmaperr 12396->12398 12397->12383 12398->12396 12399->12390 12401 89132a 12400->12401 12402 891365 12400->12402 12401->12402 12404 891168 12401->12404 12402->12386 12405 89117b 12404->12405 12407 891172 12404->12407 12406 89118b RtlReAllocateHeap 12405->12406 12405->12407 12406->12407 12407->12402 15416 8a0778 15417 8a07af 15416->15417 15418 8a0791 15416->15418 15418->15417 15419 89f7c8 48 API calls 15418->15419 15419->15418 11896 8a06f9 11897 8a0721 11896->11897 11898 8a0706 11896->11898 11900 8a0730 11897->11900 11920 8a2cb5 11897->11920 11898->11897 11899 8a0712 11898->11899 11917 89dcfe 11899->11917 11905 8a2ce8 11900->11905 11904 8a0717 CallUnexpected 11906 8a2d00 11905->11906 11907 8a2cf5 11905->11907 11909 8a2d08 11906->11909 11915 8a2d11 __dosmaperr 11906->11915 11927 89fae8 11907->11927 11934 89dd6e 11909->11934 11911 8a2d3b RtlReAllocateHeap 11913 8a2cfd 11911->11913 11911->11915 11912 8a2d16 11914 89dcfe __dosmaperr 14 API calls 11912->11914 11913->11904 11914->11913 11915->11911 11915->11912 11940 8a0829 11915->11940 11954 89d841 GetLastError 11917->11954 11919 89dd03 11919->11904 11921 8a2cc0 11920->11921 11922 8a2cd5 HeapSize 11920->11922 11923 89dcfe __dosmaperr 14 API calls 11921->11923 11922->11900 11924 8a2cc5 11923->11924 12155 89dc00 11924->12155 11928 89fb26 11927->11928 11929 89faf6 __dosmaperr 

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetTempFileNameW.KERNELBASE(?,GUT,00000000,?), ref: 00892066
                                                                                                                                                                            • FindResourceW.KERNEL32(00000000,00000066,008AFB3C,?,?), ref: 008920A8
                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 008920B7
                                                                                                                                                                            • LockResource.KERNEL32(00000000), ref: 008920C2
                                                                                                                                                                            • CreateFileW.KERNELBASE(?,C0000000,00000000,00000000,00000004,00000000,00000000), ref: 008920E2
                                                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000,00000000), ref: 008920F4
                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 0089210D
                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00892118
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Resource$File$CloseCreateFindHandleLoadLockNamePointerSizeofTemp
                                                                                                                                                                            • String ID: GUT
                                                                                                                                                                            • API String ID: 3559219628-559840939
                                                                                                                                                                            • Opcode ID: a9f2cc98b5b0f59d37172c337e7866cba987090c282ba3c5e5cbf1d51d135ff7
                                                                                                                                                                            • Instruction ID: 6014a57d109c4592e4ecabbc8e4c304797d7d7f04673649b096ce5bd9361e2e5
                                                                                                                                                                            • Opcode Fuzzy Hash: a9f2cc98b5b0f59d37172c337e7866cba987090c282ba3c5e5cbf1d51d135ff7
                                                                                                                                                                            • Instruction Fuzzy Hash: 5821BFB1600219BFEB15FBA89C89EBB72ACFB05350F080564BA16D2591EB709D45C661
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,SetDefaultDllDirectories), ref: 0089278F
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 00892796
                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000006), ref: 008927AC
                                                                                                                                                                              • Part of subcall function 00892604: GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 00892660
                                                                                                                                                                              • Part of subcall function 00892604: RegCreateKeyExW.KERNELBASE(80000001,Software\BraveSoftware\Promo,?,?,?,00020006,?,?,?), ref: 0089268F
                                                                                                                                                                              • Part of subcall function 00892604: lstrlenW.KERNEL32(?), ref: 008926A0
                                                                                                                                                                              • Part of subcall function 00892604: RegSetValueExW.KERNELBASE(?,StubInstallerPath,?,00000001,?,00000000), ref: 008926C3
                                                                                                                                                                              • Part of subcall function 00892604: RegCloseKey.ADVAPI32(?), ref: 008926D3
                                                                                                                                                                              • Part of subcall function 008926E9: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00892725
                                                                                                                                                                              • Part of subcall function 008918B8: DeleteFileW.KERNELBASE(00000000,00000000,?,00000000,?,00892845,?,?), ref: 008918DA
                                                                                                                                                                              • Part of subcall function 008918B8: RemoveDirectoryW.KERNELBASE(?,?,00000000,?,00892845,?,?), ref: 008918F2
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FileModule$Name$AddressCloseCreateDeleteDirectoryHandleInitializeProcRemoveValuelstrlen
                                                                                                                                                                            • String ID: SetDefaultDllDirectories$kernel32.dll
                                                                                                                                                                            • API String ID: 3408119680-2102062458
                                                                                                                                                                            • Opcode ID: 6de605fd3df476a874ee19d282b5218c4f8e8c9b6170c066b6ff7353b6975735
                                                                                                                                                                            • Instruction ID: 2904cfed9c9186485a8f144386052332f6d988ff59f156dc348b9e1fbb77c556
                                                                                                                                                                            • Opcode Fuzzy Hash: 6de605fd3df476a874ee19d282b5218c4f8e8c9b6170c066b6ff7353b6975735
                                                                                                                                                                            • Instruction Fuzzy Hash: AD215930508312ABCA14FF68C8558AEBBA4FF55764F084929F495E25A1EF30DA09CB93
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 00894AF5
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Init_thread_footer
                                                                                                                                                                            • String ID: AAV730$ABO677$AMV588$ANM246$APG060$APN295$APV192$ARO656$ASY224$BEM856$BHD893$BNI512$BOA207$BSB375$BSC752$BTZ601$BUE553$BWC385$BXN418$BXV384$BYJ598$CBW249$CCJ078$CCQ716$CCU246$CEL792$CFT923$CHY006$CJO449$CSY475$CTD238$CVB741$CZQ141$DFG223$DFQ107$DHU083$DKD200$DLQ981$DPM796$DPX255$DRR783$DSE071$DSL157$DVZ178$DWC715$DZF201$EBC998$EDE311$EHH775$EKB849$EPH628$ERQ913$ERW274$ERX748$ESP177$EZM037$EZM787$FBI093$FBW502$FEB604$FEX878$FFL997$FQW627$FST304$FUX638$GFQ506$GMM900$GMV203$GTW616$HFS553$HLK526$HQK918$HQL833$HXM441$HYJ986$IBU843$IFN767$IJZ122$ILY758$IOB292$IOJ320$IQC112$ITO318$IUX155$IXQ557$IXX292$JDT909$JJE625$JQP631$JRN526$JWA535$JYK534$KBJ557$KJD945$KJP000$KSU863$KVC600$KWZ833$KXC376$KYW570$LDD929$LIR950$LJT611$LRT088$LSS305$LWP706$LYD303$MEB961$MGD911$MJM666$MMT745$MOU235$MPO928$MQP631$MSG315$MTB027$MTS962$MZJ289$MZX864$NFF966$NGU383$NGY511$NHX686$NKZ324$NOQ491$NRX711$NUB585$NWN118$OCA003$OIE359$OIL401$OIQ043$OJV851$OLS686$OOB354$OOJ613$OOX752$OPV062$ORX404$OSB729$OVK455$OXU789$OZC828$OZD582$PJJ948$PNE044$PPD370$PRI875$PSN487$PZH825$QAA606$QFE427$QJQ727$QLM391$QPE677$QXS120$RBW016$RDS304$RHI430$RMB905$RMB962$RNH069$RPW794$RQH046$RZD797$SBW951$SFM009$SIV168$SLY677$SOB084$SOB703$TBD002$TJF413$TJK021$TNW414$TOT965$TQD211$TRR894$TSM531$TVJ301$TZS401$UEO521$UGI415$UGO473$UIH408$UNK157$UNQ913$UPF883$UPQ934$UQN934$UQS362$UTD029$UUD854$VBC538$VBQ225$VGT997$VIW485$VNI569$VWK786$VZF120$WGN943$WIR635$WIV076$WIX525$WKG906$WLJ467$XER314$XMW172$XMZ986$XOB016$XOX898$XPM257$XPO114$XTA152$YAB346$YBX790$YDQ106$YHC941$YHS197$YIZ978$YPH104$YQI537$YXG330$YXT225$YZR853$YZV909$ZGL739$ZIQ953$ZJN514$ZMC689$ZQM087$ZTT758$ZVI549$ZWR105$ZWV410$ZYB215
                                                                                                                                                                            • API String ID: 1385522511-319640288
                                                                                                                                                                            • Opcode ID: d0ddc644ebb1a4b40ac965ce1451dd02acef00b0f411dd3e03b36c982538ac28
                                                                                                                                                                            • Instruction ID: c36c17f158c709c9590859bba165ef0130f9b84d3f8259cc4bdeb69a244b97a6
                                                                                                                                                                            • Opcode Fuzzy Hash: d0ddc644ebb1a4b40ac965ce1451dd02acef00b0f411dd3e03b36c982538ac28
                                                                                                                                                                            • Instruction Fuzzy Hash: E4724830992214AEDB55FB54CC67FDDB3E0FB11710F9409E8A019F22929F746B4ACE4A
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00891EDD: IsUserAnAdmin.SHELL32 ref: 00891EE6
                                                                                                                                                                            • PathQuoteSpacesW.SHLWAPI(00000000,00000104,?), ref: 00891A4F
                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 00891A80
                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?), ref: 00891CC8
                                                                                                                                                                              • Part of subcall function 00891FAD: GetTempPathW.KERNEL32(00000104,00000000,00000104,?,?,?,0089195D), ref: 00891FDC
                                                                                                                                                                            • lstrcmpiW.KERNELBASE(00000000,?,?,00000000,?,?,00000104), ref: 00891B2F
                                                                                                                                                                            • _strncpy.LIBCMT ref: 00891B89
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Path$AdminCloseFileHandleModuleNameQuoteSpacesTempUser_strncpylstrcmpi
                                                                                                                                                                            • String ID: "%s"$ %s$ /%s %s /%s$ /%s /%s$&%s$&referral=%s$install$installsource$silent$taggedmi
                                                                                                                                                                            • API String ID: 2688778804-3043945572
                                                                                                                                                                            • Opcode ID: e502a6e861d85e4bc78cc1ff84f05dfcc5a556474c879cea1c5cae81c8a0ca55
                                                                                                                                                                            • Instruction ID: 488ddb82a89a286e9b310c83da0fca6d09c21de9dd7898b1b70c4d2a5756c0b9
                                                                                                                                                                            • Opcode Fuzzy Hash: e502a6e861d85e4bc78cc1ff84f05dfcc5a556474c879cea1c5cae81c8a0ca55
                                                                                                                                                                            • Instruction Fuzzy Hash: DF918F7194022DABCF20FB68DC89ADDB7B5FF15314F1801E9A409E3292EA749E85CF51
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • ReadFile.KERNELBASE(?,?,00000200,?,00000000,?,00000000,?,?,008919E0,?), ref: 00893597
                                                                                                                                                                            • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000100,00000000,?,008AFDC8), ref: 0089363F
                                                                                                                                                                            • SetFilePointer.KERNELBASE(?,00000000,00000000,00000001), ref: 00893673
                                                                                                                                                                            • ReadFile.KERNELBASE(?,?,00040000,?,00000000), ref: 008936BB
                                                                                                                                                                            • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 008936E0
                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 0089370C
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: File$Read$ChangeCloseCreateFindNotificationPointerWrite
                                                                                                                                                                            • String ID: ustar
                                                                                                                                                                            • API String ID: 3368226178-529472938
                                                                                                                                                                            • Opcode ID: f323ceebe92c7b64ea7de39491198ca5547cfa26d05c5b5e8286cf96c2472774
                                                                                                                                                                            • Instruction ID: 1c48e194c06e13b5d85c349091ba832d5332a80f81da5dd08d825ebc4832eccf
                                                                                                                                                                            • Opcode Fuzzy Hash: f323ceebe92c7b64ea7de39491198ca5547cfa26d05c5b5e8286cf96c2472774
                                                                                                                                                                            • Instruction Fuzzy Hash: 445193F194021DBEEF24AB64CD89EAA77B8FB05304F0400B9E619F6591E7B09B84CB15
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 00892660
                                                                                                                                                                            • RegCreateKeyExW.KERNELBASE(80000001,Software\BraveSoftware\Promo,?,?,?,00020006,?,?,?), ref: 0089268F
                                                                                                                                                                            • lstrlenW.KERNEL32(?), ref: 008926A0
                                                                                                                                                                            • RegSetValueExW.KERNELBASE(?,StubInstallerPath,?,00000001,?,00000000), ref: 008926C3
                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 008926D3
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseCreateFileModuleNameValuelstrlen
                                                                                                                                                                            • String ID: Software\BraveSoftware\Promo$StubInstallerPath
                                                                                                                                                                            • API String ID: 2554618631-4237694635
                                                                                                                                                                            • Opcode ID: f1d3187f67aa714f579af6c5b638238e3943cf3ef67b344f0f4c9634dfc1914e
                                                                                                                                                                            • Instruction ID: 3d61555f338e022bec1957af24cee321e0617508a6f63cfb2a64b795ba0313b3
                                                                                                                                                                            • Opcode Fuzzy Hash: f1d3187f67aa714f579af6c5b638238e3943cf3ef67b344f0f4c9634dfc1914e
                                                                                                                                                                            • Instruction Fuzzy Hash: CA21627054122CBBDF21EB51DC8DEDB7B7CFF16350F0401A5B50AE2951DB309A84CAA1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetStartupInfoW.KERNEL32(?,?,?,00000000), ref: 0089381C
                                                                                                                                                                            • CreateProcessW.KERNELBASE(00000000,00000010,00000000,00000000,00000000,00000400,00000000,00000000,?,?), ref: 00893857
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00893861
                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00893873
                                                                                                                                                                            • GetExitCodeProcess.KERNELBASE(?,?), ref: 00893884
                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0089389D
                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 008938A2
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseHandleProcess$CodeCreateErrorExitInfoLastObjectSingleStartupWait
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2373000011-0
                                                                                                                                                                            • Opcode ID: d14826c39ce203e7b0e5acf329a9ec7128ab21d48f5b6be262ae3f33e61503d1
                                                                                                                                                                            • Instruction ID: 7e1da8c206c63fd48948dc12b2cf4c24bde77847959274d51cbf4a064264b09e
                                                                                                                                                                            • Opcode Fuzzy Hash: d14826c39ce203e7b0e5acf329a9ec7128ab21d48f5b6be262ae3f33e61503d1
                                                                                                                                                                            • Instruction Fuzzy Hash: 50212A7190020DBFEF00ABB4CC869AEBB7CFF05358F144465B512E2560EB705E45DB61
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 00891EE6
                                                                                                                                                                            • SHGetFolderPathW.SHELL32(00000000,00008026,00000000,00000000,00000000,00000104,?,?,?,?,00891952), ref: 00891F25
                                                                                                                                                                            • CreateDirectoryW.KERNELBASE(?,00000000,BraveSoftware,?,?,?,?,?,00891952), ref: 00891F55
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,00891952), ref: 00891F5F
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AdminCreateDirectoryErrorFolderLastPathUser
                                                                                                                                                                            • String ID: BraveSoftware$Temp
                                                                                                                                                                            • API String ID: 943171645-1868006839
                                                                                                                                                                            • Opcode ID: 12eac4b7961cbee50092dffc49ee77c66479fe15f45cc14f7fc57e9abb446c62
                                                                                                                                                                            • Instruction ID: fc4cf10c67c07f7f28853e8235ad48dffba5f8b0ce37d0a10dd5a38161560596
                                                                                                                                                                            • Opcode Fuzzy Hash: 12eac4b7961cbee50092dffc49ee77c66479fe15f45cc14f7fc57e9abb446c62
                                                                                                                                                                            • Instruction Fuzzy Hash: 26215E7090420DBEDF14FBA8CD568EEB7B8FF11354B5401A4A402E2191EF709E05DA21
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            control_flow_graph 737 891e34-891e4f CreateDirectoryW 738 891e51-891e5c GetLastError 737->738 739 891e62-891e9e call 892bff call 892c26 GetTempFileNameW call 8928b9 737->739 738->739 740 891e5e-891e60 738->740 748 891ecd-891ed5 call 892f5f 739->748 749 891ea0-891ea3 739->749 742 891ed7-891eda 740->742 748->742 749->748 751 891ea5-891eba DeleteFileW CreateDirectoryW 749->751 751->748 753 891ebc-891ecb call 892aef 751->753 753->748
                                                                                                                                                                            APIs
                                                                                                                                                                            • CreateDirectoryW.KERNELBASE(?,00000000,?,00000000,Temp,?,?,?,?,00891952), ref: 00891E47
                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,Temp,?,?,?,?,00891952), ref: 00891E51
                                                                                                                                                                            • GetTempFileNameW.KERNELBASE(?,GUM,00000000,00000000,00000104,?,00000000,Temp), ref: 00891E8C
                                                                                                                                                                            • DeleteFileW.KERNELBASE(000000FF,?,00000000,Temp), ref: 00891EA8
                                                                                                                                                                            • CreateDirectoryW.KERNELBASE(000000FF,00000000,?,00000000,Temp), ref: 00891EB2
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CreateDirectoryFile$DeleteErrorLastNameTemp
                                                                                                                                                                            • String ID: GUM
                                                                                                                                                                            • API String ID: 55127950-1161156203
                                                                                                                                                                            • Opcode ID: cf700c5b782b542a06874cb5ff3eb1fee3e72aae34b85c084f7d425786312722
                                                                                                                                                                            • Instruction ID: 13b404d17c388c6731cd4e8166a94a8d9d3ee91e092535a5a1ee647e1ccc6147
                                                                                                                                                                            • Opcode Fuzzy Hash: cf700c5b782b542a06874cb5ff3eb1fee3e72aae34b85c084f7d425786312722
                                                                                                                                                                            • Instruction Fuzzy Hash: 0C11947590020ABFDF04BFA4CC498BD7BB9FF45394B180424F915D6590EB319E45DB51
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            control_flow_graph 789 89344a-89347a call 8934e2 CreateFileW 792 8934da 789->792 793 89347c-89348e CreateFileMappingW 789->793 796 8934dc-8934df 792->796 794 893490-8934a3 MapViewOfFile 793->794 795 8934d3-8934d5 call 8934e2 793->795 797 8934ca-8934cd CloseHandle 794->797 798 8934a5-8934be VirtualQuery 794->798 795->792 797->795 798->797 800 8934c0-8934c8 798->800 800->796
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 008934E2: UnmapViewOfFile.KERNEL32(00000000,?,00893433,?,?,80004005,74DEE010,?,?,?,008914FB), ref: 008934EE
                                                                                                                                                                              • Part of subcall function 008934E2: CloseHandle.KERNEL32(00000000,?,00893433,?,?,80004005,74DEE010,?,?,?,008914FB), ref: 00893501
                                                                                                                                                                              • Part of subcall function 008934E2: CloseHandle.KERNEL32(000000FF,?,00893433,?,?,80004005,74DEE010,?,?,?,008914FB), ref: 00893514
                                                                                                                                                                            • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,?,?,?,?,?,?,008915A4), ref: 0089346E
                                                                                                                                                                            • CreateFileMappingW.KERNELBASE(00000000,00000000,00000002,00000000,00000000,00000000,?,?,?,?,?,?,008915A4), ref: 00893483
                                                                                                                                                                            • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000000,?,?,?,?,?,?,008915A4), ref: 00893496
                                                                                                                                                                            • VirtualQuery.KERNEL32(00000000,?,0000001C,?,?,?,?,?,?,008915A4), ref: 008934B6
                                                                                                                                                                            • CloseHandle.KERNEL32(6E6B6E75,?,?,?,?,?,?,008915A4), ref: 008934CD
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: File$CloseHandle$CreateView$MappingQueryUnmapVirtual
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1729669285-0
                                                                                                                                                                            • Opcode ID: ba5821591934ca8d1b3c2240adea8046b0c4ac8d5ae6792ee1d1c370e8ffc6a5
                                                                                                                                                                            • Instruction ID: 2237d976d7b3af092609c6e104fb122d3706a680b15f3f8f76e87a5a8740a973
                                                                                                                                                                            • Opcode Fuzzy Hash: ba5821591934ca8d1b3c2240adea8046b0c4ac8d5ae6792ee1d1c370e8ffc6a5
                                                                                                                                                                            • Instruction Fuzzy Hash: 9E11A070600301BAEB356B36CC09F9B7AB9FBD2B10F04852CB526E6A90DB70A541CA25
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,00000104,?,00000000,?,008919F8,?), ref: 00892164
                                                                                                                                                                              • Part of subcall function 00892860: PathAppendW.SHLWAPI(00000000,?,00000104,?,00000000,?,00891F51,BraveSoftware,?,?,?,?,?,00891952), ref: 00892875
                                                                                                                                                                            • CopyFileW.KERNELBASE(?,?,00000000,BraveUpdateSetup.exe,?,?,00000000,?,008919F8,?), ref: 0089219F
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: File$AppendCopyModuleNamePath
                                                                                                                                                                            • String ID: BraveUpdateSetup.exe
                                                                                                                                                                            • API String ID: 1240757089-2590033563
                                                                                                                                                                            • Opcode ID: 3dc1e7d6b4a5341efc25be964452fe4f41975834ac0a2847d14fd75e8601e638
                                                                                                                                                                            • Instruction ID: 85f4d1f5bdb13ed2148ab77f5e7b8bf572f253d3bf04d5d42b6f9763221fba6b
                                                                                                                                                                            • Opcode Fuzzy Hash: 3dc1e7d6b4a5341efc25be964452fe4f41975834ac0a2847d14fd75e8601e638
                                                                                                                                                                            • Instruction Fuzzy Hash: 8B117C75900208BFDF15FBA8C8928EEB7BCFB54310B1405A9E512E2195EB30AF05CA62
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetCurrentProcess.KERNEL32(0089A108,?,00899FEF,00000000,?,?,0089A108,4D07BCF4,?,0089A108), ref: 0089A006
                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00899FEF,00000000,?,?,0089A108,4D07BCF4,?,0089A108), ref: 0089A00D
                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 0089A01F
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                            • Opcode ID: 523239bf5d812db5b48a24c07d599322f42f1066df9de7623dd34deb8e4df5bd
                                                                                                                                                                            • Instruction ID: 46288afa23526f01cb26c1dd0ef6ad92032d4b76737943caf307341181e327f2
                                                                                                                                                                            • Opcode Fuzzy Hash: 523239bf5d812db5b48a24c07d599322f42f1066df9de7623dd34deb8e4df5bd
                                                                                                                                                                            • Instruction Fuzzy Hash: 41D09E31000E08EBDF593F65DC0D9593F6AFF45391B494010F90586871DB359956DB93
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00893A75: lstrcpynW.KERNEL32(?,?,00000104,?,?), ref: 00893A99
                                                                                                                                                                              • Part of subcall function 00893A75: PathStripPathW.SHLWAPI(?,?,00000104,?,?), ref: 00893AA6
                                                                                                                                                                              • Part of subcall function 00893A75: PathRemoveExtensionW.SHLWAPI(?,?,00000104,?,?), ref: 00893AB3
                                                                                                                                                                              • Part of subcall function 00893A75: lstrlenW.KERNEL32(?,?,00000104,?,?), ref: 00893AC6
                                                                                                                                                                              • Part of subcall function 00893A75: lstrlenW.KERNEL32(?,?,00000104,?,?), ref: 00893ADC
                                                                                                                                                                            • CharUpperBuffW.USER32(00000000,?,?,00000104,?,?,?,?,00892752,?), ref: 00894B43
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Path$lstrlen$BuffCharExtensionRemoveStripUpperlstrcpyn
                                                                                                                                                                            • String ID: none
                                                                                                                                                                            • API String ID: 1330847136-2140143823
                                                                                                                                                                            • Opcode ID: a82752836b944982edb8c8a6890787863976cd16805de26055ec8b311e4543a3
                                                                                                                                                                            • Instruction ID: 20ec7bc0b970bb1a90d99e8f7e50efbeb90ed41959e6913a8949f274f1c72f61
                                                                                                                                                                            • Opcode Fuzzy Hash: a82752836b944982edb8c8a6890787863976cd16805de26055ec8b311e4543a3
                                                                                                                                                                            • Instruction Fuzzy Hash: 2D016D31500005FF8F08FBA8C856DEEB37AFE51324728059CB112A7192DF70AF05DA91
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

Control-flow Graph
[Graph image not preserved. Legend: Executed / Not Executed. Blocks in the graph text: 8926e9-89272d (call 897760, GetModuleFileNameW); 892733-89274d (call 892ba0, call 894b06); 892752-89275d (call 892f5f); 89275f-892766 (call 892ba0); 89276b-89277a (call 897182).]
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00892725
                                                                                                                                                                              • Part of subcall function 00894B06: CharUpperBuffW.USER32(00000000,?,?,00000104,?,?,?,?,00892752,?), ref: 00894B43
                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: BuffCharFileModuleNameUpper
                                                                                                                                                                            • String ID: none
                                                                                                                                                                            • API String ID: 2024523369-2140143823
                                                                                                                                                                            • Opcode ID: df35f244f659ee32fc23a2f617981b448209388f32096776f3f3cff249f7c17b
                                                                                                                                                                            • Instruction ID: b2329e7be500eb5c981b41426d91cf83033f4facec1d9909a06d145a06703128
                                                                                                                                                                            • Opcode Fuzzy Hash: df35f244f659ee32fc23a2f617981b448209388f32096776f3f3cff249f7c17b
                                                                                                                                                                            • Instruction Fuzzy Hash: E601B17064021CB7DF20FA68CC4AFEE73A8FB51710F4408A5A409E6281DE709F458AA2
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • DeleteFileW.KERNELBASE(00000000,00000000,?,00000000,?,00892845,?,?), ref: 008918DA
                                                                                                                                                                            • RemoveDirectoryW.KERNELBASE(?,?,00000000,?,00892845,?,?), ref: 008918F2
Memory Dump Source
• Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: DeleteDirectoryFileRemove
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3325800564-0
                                                                                                                                                                            • Opcode ID: bb70ed7c3234a0a9ca415907791ddf10474755870b8e7f91fc505f904dba3cc4
                                                                                                                                                                            • Instruction ID: d98131cfa5f1132259d96cdae58fa8ac4c3f3749ef0296ad06f5a509d7838626
                                                                                                                                                                            • Opcode Fuzzy Hash: bb70ed7c3234a0a9ca415907791ddf10474755870b8e7f91fc505f904dba3cc4
                                                                                                                                                                            • Instruction Fuzzy Hash: EC018431200705ABCE35BF28C89587AB3B2FF913403080A7CA05B92966DF70B80ED752
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • RtlFreeHeap.NTDLL(00000000,00000000,?,0089F9D4,0089BD16,00000000,0089BD16,?,0089F9F9,0089BD16,00000007,0089BD16,?,008A014B,0089BD16,0089BD16), ref: 0089DD84
                                                                                                                                                                            • GetLastError.KERNEL32(0089BD16,?,0089F9D4,0089BD16,00000000,0089BD16,?,0089F9F9,0089BD16,00000007,0089BD16,?,008A014B,0089BD16,0089BD16), ref: 0089DD8F
Memory Dump Source
• Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorFreeHeapLast
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 485612231-0
                                                                                                                                                                            • Opcode ID: 3992bd6f47612709ee6878f24bcd2e5523580bb203a36a934a0ecc7675617d7e
                                                                                                                                                                            • Instruction ID: 25b50014e6da33a09bada9896735303b91aec85cb5eb4f4a64321f28a66aa15b
                                                                                                                                                                            • Opcode Fuzzy Hash: 3992bd6f47612709ee6878f24bcd2e5523580bb203a36a934a0ecc7675617d7e
                                                                                                                                                                            • Instruction Fuzzy Hash: 89E0EC32500B14EFDF253FA9EC09B993BA8FB457D5F184060F608D7561DB748950C799
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,?,?,?,008937BD,00893618,?,?), ref: 00892DDD
                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,-00000001,-00000001,?,008937BD,00893618,?,?), ref: 00892DFD
Memory Dump Source
• Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ByteCharMultiWide
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 626452242-0
                                                                                                                                                                            • Opcode ID: 8ecf3192435b5fbe4915b21c834ecf8772d2ade29cc197af0876707eea8335af
                                                                                                                                                                            • Instruction ID: 013f3fe12540c2a50c6455dfb324863d5f79ad9020304fe4e9eaff02539d1236
                                                                                                                                                                            • Opcode Fuzzy Hash: 8ecf3192435b5fbe4915b21c834ecf8772d2ade29cc197af0876707eea8335af
                                                                                                                                                                            • Instruction Fuzzy Hash: 4DF0E231344515BBEE113A4C8C09F7FF66DEF91B60F140219BA19DA5E1CEA04A0587F6
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: d8f42d14674fd767a19759aa47704c0cbff2304538ae3a43a31ac61264cd7118
                                                                                                                                                                            • Instruction ID: 673c878dcd373ce0778aa75b06827f2b53d31c958cb3b7976b007a8c68f2aef0
                                                                                                                                                                            • Opcode Fuzzy Hash: d8f42d14674fd767a19759aa47704c0cbff2304538ae3a43a31ac61264cd7118
                                                                                                                                                                            • Instruction Fuzzy Hash: D9510A71D00228AFDF24DFA8CC80AADBBB8FF49314F1841AAE55DE7241EA3099458F51
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 0089FAE8: RtlAllocateHeap.NTDLL(00000000,0089EBDC,?,?,0089EBDC,00000220,?,?,?), ref: 0089FB1A
                                                                                                                                                                            • RtlReAllocateHeap.NTDLL(00000000,00000000,008914FB,0089A626,00000000,?,008A0742,00000000,0089A626,00000028,?,00000024,?,0089A420,?,00000028), ref: 008A2D45
Memory Dump Source
• Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                            • Opcode ID: 64a7b3c801eed190b2718cbdbf19f84e2162674fc3b307edb9aa6f39ef0734af
                                                                                                                                                                            • Instruction ID: 411cb7c1f69b25a450f819b7ef4ca6eee02abadf3cdf0099bc8763abc9ab8687
                                                                                                                                                                            • Opcode Fuzzy Hash: 64a7b3c801eed190b2718cbdbf19f84e2162674fc3b307edb9aa6f39ef0734af
                                                                                                                                                                            • Instruction Fuzzy Hash: 20F0623160011DAABB367A6DAC01B6E2798FF837B0B254125FC15D7993DB24D80096E2
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000008,00000401,FFFFFEAF,?,0089D935,00000001,00000364,00000006,000000FF,0089D048,FFFFFEAF,?,0089BF1A,0089DB81,F08BD84D,FFFFFEAF), ref: 0089DD52
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,0089EBDC,?,?,0089EBDC,00000220,?,?,?), ref: 0089FB1A
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • DeleteFileW.KERNELBASE(00000000,00000000,?,00000000,?,00891CC7,?), ref: 00893537
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: DeleteFile
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4033686569-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: H_prolog3
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 431132790-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • RtlFreeHeap.NTDLL(?,00000000,00000000), ref: 0089115E
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FreeHeap
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3298025750-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 00891143
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __floor_pentium4
                                                                                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                            • API String ID: 4168288129-2761157908
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetLastError.KERNEL32(?,008914FB,?,008914FB), ref: 008932CE
                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,008914FB,?,008914FB), ref: 008932DB
                                                                                                                                                                            • FormatMessageW.KERNEL32(00000500,00000000,00000000,00000000,00000000,00000000,008914FB,?,008914FB,?,008914FB), ref: 008932F1
                                                                                                                                                                            • GetLastError.KERNEL32(?,008914FB,?,008914FB), ref: 008932FB
                                                                                                                                                                            • SetLastError.KERNEL32(008914FB,?,008914FB,?,008914FB), ref: 00893308
                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,008914FB,?,008914FB), ref: 008933B4
                                                                                                                                                                              • Part of subcall function 008929DE: FindResourceExW.KERNEL32(00000000,00000006,00000000,00000000,00000000,?,?,74DEDFA0,?,?,008933F9,-00000010,?,?,?,008914FB), ref: 00892A0F
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast$FindFormatFreeLocalMessageResource
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1240203180-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00896D12
                                                                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 00896DDE
                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00896DFE
                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 00896E08
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 254469556-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000401), ref: 0089DAFC
                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000401), ref: 0089DB06
                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000401), ref: 0089DB13
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3906539128-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetProcessHeap.KERNEL32(?,?,00892C07,?,008914FB), ref: 00891218
                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 0089123F
                                                                                                                                                                              • Part of subcall function 008A86C5: EnterCriticalSection.KERNEL32(008B43C8,008B4400,?,?,0089120E,008B4400,?,?,00892C07,?,008914FB), ref: 008A86D0
                                                                                                                                                                              • Part of subcall function 008A86C5: LeaveCriticalSection.KERNEL32(008B43C8,?,0089120E,008B4400,?,?,00892C07,?,008914FB), ref: 008A870D
                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 008912A1
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalInit_thread_footerSection$EnterHeapLeaveProcess
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3363689876-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,008A7A06,?,?,00000008,?,?,008A7610,00000000), ref: 008A7C38
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionRaise
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3997070919-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00896FBB
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FeaturePresentProcessor
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2325560087-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: 0
                                                                                                                                                                            • API String ID: 0-4108050209
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_00006EA6,00896812), ref: 00896E9F
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(008B43C8,00000FA0,?,?,008A85BB), ref: 008A85E9
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,008A85BB), ref: 008A85F4
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,008A85BB), ref: 008A8605
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 008A8617
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 008A8625
                                                                                                                                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,008A85BB), ref: 008A8648
                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(008B43C8,00000007,?,?,008A85BB), ref: 008A8664
                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,008A85BB), ref: 008A8674
                                                                                                                                                                            Strings
                                                                                                                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 008A85EF
                                                                                                                                                                            • SleepConditionVariableCS, xrefs: 008A8611
                                                                                                                                                                            • WakeAllConditionVariable, xrefs: 008A861D
                                                                                                                                                                            • kernel32.dll, xrefs: 008A8600
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                            • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                            • API String ID: 2565136772-3242537097
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • IsInExceptionSpec.LIBVCRUNTIME ref: 00898AA8
                                                                                                                                                                            • type_info::operator==.LIBVCRUNTIME ref: 00898ACA
                                                                                                                                                                            • ___TypeMatch.LIBVCRUNTIME ref: 00898BD9
                                                                                                                                                                            • IsInExceptionSpec.LIBVCRUNTIME ref: 00898CAB
                                                                                                                                                                            • _UnwindNestedFrames.LIBCMT ref: 00898D2F
                                                                                                                                                                            • CallUnexpected.LIBVCRUNTIME ref: 00898D4A
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                            • API String ID: 2123188842-393685449
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00897407
                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 0089740F
                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00897498
                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 008974C3
                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00897518
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                            • String ID: csm
                                                                                                                                                                            • API String ID: 1170836740-1018135373
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,FFFFFEAF,?,4D07BCF4,?,008A042C,0089BD16,?,FFFFFEAF,00000000), ref: 008A03E0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                            • API String ID: 3664257935-537541572
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • lstrcpynW.KERNEL32(?,?,00000104,?,?), ref: 00893A99
                                                                                                                                                                            • PathStripPathW.SHLWAPI(?,?,00000104,?,?), ref: 00893AA6
                                                                                                                                                                            • PathRemoveExtensionW.SHLWAPI(?,?,00000104,?,?), ref: 00893AB3
                                                                                                                                                                            • lstrlenW.KERNEL32(?,?,00000104,?,?), ref: 00893AC6
                                                                                                                                                                            • lstrlenW.KERNEL32(?,?,00000104,?,?), ref: 00893ADC
                                                                                                                                                                            • lstrlenW.KERNEL32(?,?,00000104,?,?), ref: 00893B42
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Pathlstrlen$ExtensionRemoveStriplstrcpyn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2958138087-0
                                                                                                                                                                            • Opcode ID: bcf3ccc9b1c4c08b2d27fdb49b53e20fba2a13070c9986c4cf93e4df83c6de0f
                                                                                                                                                                            • Instruction ID: 807ca8d45463ffb412dc43ce811973e782c04108e8a29cb6fa10e992cbc30ff2
                                                                                                                                                                            • Opcode Fuzzy Hash: bcf3ccc9b1c4c08b2d27fdb49b53e20fba2a13070c9986c4cf93e4df83c6de0f
                                                                                                                                                                            • Instruction Fuzzy Hash: 862180B590121C9ACF24FB78DC48AEE73B8FB41324F2446A6D426D3496E7309F85CB41
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00897A78,0089774C,00896EEA), ref: 00897A8F
                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00897A9D
                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00897AB6
                                                                                                                                                                            • SetLastError.KERNEL32(00000000,00897A78,0089774C,00896EEA), ref: 00897B08
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                            • Opcode ID: 19c7edea6b12345a8c58eaece350e9f8c6c716711fb50692b36b3be454a56f4a
                                                                                                                                                                            • Instruction ID: 6b7282fced100432a46960caf7757e2d3486fb6082e032d673022401f306bbec
                                                                                                                                                                            • Opcode Fuzzy Hash: 19c7edea6b12345a8c58eaece350e9f8c6c716711fb50692b36b3be454a56f4a
                                                                                                                                                                            • Instruction Fuzzy Hash: 7A01D43362D7216EAE153B79AC85A6E2BA4FF453747380339F020E00F0EF614D029691
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Strings
                                                                                                                                                                            • C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe, xrefs: 0089E678
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: C:\Users\user\Desktop\BraveBrowserSetup-BRV010.exe
                                                                                                                                                                            • API String ID: 0-1642686526
                                                                                                                                                                            • Opcode ID: 3cf29b85280c170ff99f41680d590d315b2d211d3331ee58066a5279b01f98e4
                                                                                                                                                                            • Instruction ID: 7760267f693107e8d6688e5bdc92a09d6b3f7605ded4960740395ba1f4c2bb9e
                                                                                                                                                                            • Opcode Fuzzy Hash: 3cf29b85280c170ff99f41680d590d315b2d211d3331ee58066a5279b01f98e4
                                                                                                                                                                            • Instruction Fuzzy Hash: 4B215B71604309BF9F21FFA9888086B7BA9FF643687184525F819D7651E731EC50C7A2
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00897CC4,?,?,008B3CF8,00000000,?,00897DEF,00000004,InitializeCriticalSectionEx,008AACD4,InitializeCriticalSectionEx,00000000), ref: 00897C93
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                            • API String ID: 3664257935-2084034818
                                                                                                                                                                            • Opcode ID: 62fc4eb840168840ade1e8a2368fcc0cb90ea01dd56440f439fdf75ae7548045
                                                                                                                                                                            • Instruction ID: 542b9691064ff018d4a2826fa17891484a504ed3b5d6a8613101559681685407
                                                                                                                                                                            • Opcode Fuzzy Hash: 62fc4eb840168840ade1e8a2368fcc0cb90ea01dd56440f439fdf75ae7548045
                                                                                                                                                                            • Instruction Fuzzy Hash: 6E11CA31A55725EBEF32AB689C45B5A33A4FF02778F190110F915EB690D770ED00C6D1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,4D07BCF4,?,?,00000000,008A9C93,000000FF,?,0089A01B,0089A108,?,00899FEF,00000000), ref: 0089A07D
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0089A08F
                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000,008A9C93,000000FF,?,0089A01B,0089A108,?,00899FEF,00000000), ref: 0089A0B1
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                            • Opcode ID: 0a472f6a90b5e2531822834748636a337efe0621082fd18e6e89bd3eed6248c3
                                                                                                                                                                            • Instruction ID: 2f9de4ff8271553d4bd94ffd45564f580c273d9ddc3b880b72b5e938feb07811
                                                                                                                                                                            • Opcode Fuzzy Hash: 0a472f6a90b5e2531822834748636a337efe0621082fd18e6e89bd3eed6248c3
                                                                                                                                                                            • Instruction Fuzzy Hash: 1F018B71944E15EFEB159F50CC05BAE7BBCFB05715F040525F811E2E90DB799904CB91
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 008A2A2B
                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 008A2AEC
                                                                                                                                                                            • __freea.LIBCMT ref: 008A2B53
                                                                                                                                                                              • Part of subcall function 0089FAE8: RtlAllocateHeap.NTDLL(00000000,0089EBDC,?,?,0089EBDC,00000220,?,?,?), ref: 0089FB1A
                                                                                                                                                                            • __freea.LIBCMT ref: 008A2B68
                                                                                                                                                                            • __freea.LIBCMT ref: 008A2B78
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1423051803-0
                                                                                                                                                                            • Opcode ID: 430194a2b6a985232ee6a1ce7a97fd8d83166e77c1ceb54eb6c161520eba788d
                                                                                                                                                                            • Instruction ID: a203c23bdce3f283a49cb31b7167ba33b11e0b0bf8210fe7b4685108e1cac412
                                                                                                                                                                            • Opcode Fuzzy Hash: 430194a2b6a985232ee6a1ce7a97fd8d83166e77c1ceb54eb6c161520eba788d
                                                                                                                                                                            • Instruction Fuzzy Hash: D0519D7260021AAFFF359E688C81EAB37A9FB46764B190128FD08D7541EA31DC1197A1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,00000000,00000000,00000000), ref: 00891D75
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FileModuleName
                                                                                                                                                                            • String ID: "%s"$/%s$recover
                                                                                                                                                                            • API String ID: 514040917-4067204065
                                                                                                                                                                            • Opcode ID: 51476338fbc3cf18bda299d0ab4994d4f69097e573dcd814dc99f0d1c713193a
                                                                                                                                                                            • Instruction ID: 7416bdff775dbc588507e06b960b37a596cf842431980668be1c8d69b4b12e9b
                                                                                                                                                                            • Opcode Fuzzy Hash: 51476338fbc3cf18bda299d0ab4994d4f69097e573dcd814dc99f0d1c713193a
                                                                                                                                                                            • Instruction Fuzzy Hash: 6311727194522CABDF20FB65DC89EEAB778FF15710F0404A5B919E3182EB709B44CAA1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetConsoleOutputCP.KERNEL32(4D07BCF4,?,00000000,008B18B8), ref: 008A2ED3
                                                                                                                                                                              • Part of subcall function 0089F15E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,008A2B49,?,00000000,-00000008), ref: 0089F20A
                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 008A312E
                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 008A3176
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008A3219
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2112829910-0
                                                                                                                                                                            • Opcode ID: 7c11899a6efeafa45cbb46a4737d80394cba6c404c1f979ec96cd5c8ee49335f
                                                                                                                                                                            • Instruction ID: 8090ebd309dbf8235f9c4591721b5a378207049e1be5080da995643bc9ba20e5
                                                                                                                                                                            • Opcode Fuzzy Hash: 7c11899a6efeafa45cbb46a4737d80394cba6c404c1f979ec96cd5c8ee49335f
                                                                                                                                                                            • Instruction Fuzzy Hash: 04D17AB5E04648AFDF15CFE8D880AADBBB5FF0A304F18412AE865E7751D730A946CB50
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AdjustPointer
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1740715915-0
                                                                                                                                                                            • Opcode ID: cb95244c1182a13fd9647dacc7e081201c8983e332bdc572c7ba68363e2e7f62
                                                                                                                                                                            • Instruction ID: bcee039af5af17e5e99aa6ae9673ada7b5aed2b60d3269efe2bc5183892ceb5a
                                                                                                                                                                            • Opcode Fuzzy Hash: cb95244c1182a13fd9647dacc7e081201c8983e332bdc572c7ba68363e2e7f62
                                                                                                                                                                            • Instruction Fuzzy Hash: 6451B172600207EFDF29AF58D841B6A77A5FF41710F6C452DE911E72A1EB31E940C7A1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 0089F15E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,008A2B49,?,00000000,-00000008), ref: 0089F20A
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0089DED6
                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 0089DEDD
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?), ref: 0089DF17
                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 0089DF1E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1913693674-0
                                                                                                                                                                            • Opcode ID: fd6b06991c50a78af6c0244e3fbce446aa1cc150907db5d58ae9e635ddea42ee
                                                                                                                                                                            • Instruction ID: 1a80bf8ad03b402d5a8ec51c698a6aa218e294857aa70ae4bdb56f4778cc5b3e
                                                                                                                                                                            • Opcode Fuzzy Hash: fd6b06991c50a78af6c0244e3fbce446aa1cc150907db5d58ae9e635ddea42ee
                                                                                                                                                                            • Instruction Fuzzy Hash: C521C272604705AF9F20FF6AD88186BB7A9FF543687198418F91AC7250EB71EC00CBA5
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 0089F254
                                                                                                                                                                              • Part of subcall function 0089F15E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,008A2B49,?,00000000,-00000008), ref: 0089F20A
                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0089F28C
                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0089F2AC
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 158306478-0
                                                                                                                                                                            • Opcode ID: cad5c1191c16059646aa04857b736285e317185c37b0282de465ec0314badbe0
                                                                                                                                                                            • Instruction ID: 87ad5e60f5a8ab5f17a8c5cab01801c9d21084e908f284d20c7b05b26ccd19ab
                                                                                                                                                                            • Opcode Fuzzy Hash: cad5c1191c16059646aa04857b736285e317185c37b0282de465ec0314badbe0
                                                                                                                                                                            • Instruction Fuzzy Hash: 9B1108A5501615BF6F293BB59C8DE7F395CFD453983180034F705D3502EA64CD0086B6
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003), ref: 008914A3
                                                                                                                                                                            • VerSetConditionMask.KERNEL32(00000000), ref: 008914A7
                                                                                                                                                                            • VerSetConditionMask.KERNEL32(00000000), ref: 008914AB
                                                                                                                                                                            • VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 008914CF
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ConditionMask$InfoVerifyVersion
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2793162063-0
                                                                                                                                                                            • Opcode ID: 8ae222c3e9488a7582269eafbf98beb84f0c1ef2af765896aab668578d984256
                                                                                                                                                                            • Instruction ID: 509bf1ce20b24dcf6dc72606a9d10064b0dad711003c6558b129d817c4427648
                                                                                                                                                                            • Opcode Fuzzy Hash: 8ae222c3e9488a7582269eafbf98beb84f0c1ef2af765896aab668578d984256
                                                                                                                                                                            • Instruction Fuzzy Hash: FF111670A403187AEB21DB55DC0AFEFBBBCEF85B10F000059B504E6180D7B45B45CA95
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • WriteConsoleW.KERNEL32(?,008B18B8,00000000,00000000,?,?,008A5930,?,00000001,?,008B18B8,?,008A326D,008B18B8,?,00000000), ref: 008A65CD
                                                                                                                                                                            • GetLastError.KERNEL32(?,008A5930,?,00000001,?,008B18B8,?,008A326D,008B18B8,?,00000000,008B18B8,008B18B8,?,008A37F4,?), ref: 008A65D9
                                                                                                                                                                              • Part of subcall function 008A659F: CloseHandle.KERNEL32(FFFFFFFE,008A65E9,?,008A5930,?,00000001,?,008B18B8,?,008A326D,008B18B8,?,00000000,008B18B8,008B18B8), ref: 008A65AF
                                                                                                                                                                            • ___initconout.LIBCMT ref: 008A65E9
                                                                                                                                                                              • Part of subcall function 008A6561: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,008A6590,008A591D,008B18B8,?,008A326D,008B18B8,?,00000000,008B18B8), ref: 008A6574
                                                                                                                                                                            • WriteConsoleW.KERNEL32(?,008B18B8,00000000,00000000,?,008A5930,?,00000001,?,008B18B8,?,008A326D,008B18B8,?,00000000,008B18B8), ref: 008A65FE
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2744216297-0
                                                                                                                                                                            • Opcode ID: 864dbdd91b5e772c7618d132a48ff5f5093e3469cdbc0f51baf9829893753348
                                                                                                                                                                            • Instruction ID: ca78a1e88b8e6c021189c981ebccbd6cdc88af978807f975ec6d6138d009c13f
                                                                                                                                                                            • Opcode Fuzzy Hash: 864dbdd91b5e772c7618d132a48ff5f5093e3469cdbc0f51baf9829893753348
                                                                                                                                                                            • Instruction Fuzzy Hash: 17F0C03A500119BBDF622FD9DC0499A3F66FF1A7A1F094120FA19D5934D7328930DB92
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • SleepConditionVariableCS.KERNELBASE(?,008A86EA,00000064), ref: 008A8770
                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(008B43C8,?,?,008A86EA,00000064,?,0089120E,008B4400,?,?,00892C07,?,008914FB), ref: 008A877A
                                                                                                                                                                            • WaitForSingleObjectEx.KERNEL32(?,00000000,?,008A86EA,00000064,?,0089120E,008B4400,?,?,00892C07,?,008914FB), ref: 008A878B
                                                                                                                                                                            • EnterCriticalSection.KERNEL32(008B43C8,?,008A86EA,00000064,?,0089120E,008B4400,?,?,00892C07,?,008914FB), ref: 008A8792
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3269011525-0
                                                                                                                                                                            • Opcode ID: 301f1a3ec3690880c38162ef314a13f412bbb5249af95c42690a4e90440189fd
                                                                                                                                                                            • Instruction ID: 26a99a5d23be45b1f344a99f7d23be74da1378dabf0da0fbfa2a675291d102ed
                                                                                                                                                                            • Opcode Fuzzy Hash: 301f1a3ec3690880c38162ef314a13f412bbb5249af95c42690a4e90440189fd
                                                                                                                                                                            • Instruction Fuzzy Hash: 27E09B31541734F7DB051B90EC06E8E3F64FB0AB52B081110F505A2B62C7790900CBD1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00898D7A
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: EncodePointer
                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                            • API String ID: 2118026453-2084237596
                                                                                                                                                                            • Opcode ID: 836a0b139816fed038b182c21721bb927b30c369d7fdbf7a92f1c63228e93876
                                                                                                                                                                            • Instruction ID: e6961cb81181a15cb513755c88f7fabaf76743465358542d7abfac02187f9ca5
                                                                                                                                                                            • Opcode Fuzzy Hash: 836a0b139816fed038b182c21721bb927b30c369d7fdbf7a92f1c63228e93876
                                                                                                                                                                            • Instruction Fuzzy Hash: C4414A7290020AEFCF15EF98CC81AEEBBB5FF49300F198159F904A7261D735AA50DB51
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00891097: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,8007000E,?,-C000001E,00000001), ref: 0089109C
                                                                                                                                                                              • Part of subcall function 00891097: GetLastError.KERNEL32(?,00000000,?,8007000E,?,-C000001E,00000001), ref: 008910A6
                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,0089100A), ref: 008A8004
                                                                                                                                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0089100A), ref: 008A8013
                                                                                                                                                                            Strings
                                                                                                                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 008A800E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                                                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                            • API String ID: 450123788-631824599
                                                                                                                                                                            • Opcode ID: 242a2e1b48fa4691344cb5b6b6844fd3760f903a5864326791e4b4736765de18
                                                                                                                                                                            • Instruction ID: 3bf9a69bef2693b1cef80b5ed3fe36522ae43b539f0a472aba1d53951e756b05
                                                                                                                                                                            • Opcode Fuzzy Hash: 242a2e1b48fa4691344cb5b6b6844fd3760f903a5864326791e4b4736765de18
                                                                                                                                                                            • Instruction Fuzzy Hash: 7CE0E570600B51CBF770AF68E8093527BE4FB06754F04892DE596C2E51EBB5E44CCBA2
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2410756799.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.2410725014.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410816328.00000000008AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410868538.00000000008B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.2410903126.00000000008B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_890000_BraveBrowserSetup-BRV010.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CommandLine
                                                                                                                                                                            • String ID: 0&F
                                                                                                                                                                            • API String ID: 3253501508-2269862659
                                                                                                                                                                            • Opcode ID: 52c870e8fb801490b47c2f28225750cee7e19fa01a6fa731d6aad38131f5c2b3
                                                                                                                                                                            • Instruction ID: 1b57d0594d635767485f9f11d9be3132d99ca9b453ccd241433a470a612844a1
                                                                                                                                                                            • Opcode Fuzzy Hash: 52c870e8fb801490b47c2f28225750cee7e19fa01a6fa731d6aad38131f5c2b3
                                                                                                                                                                            • Instruction Fuzzy Hash: 03B09278800681CFE7488F30FA4D5043BA1B2092023800166D421C2F20D7B98600CF12
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Execution Graph

                                                                                                                                                                            Execution Coverage:3.2%
                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                            Total number of Nodes:1448
                                                                                                                                                                            Total number of Limit Nodes:34
ec9b24 __InternalCxxFrameHandler 51 API calls 8789->8790 8791 ecadf2 CallCatchBlock 8790->8791 8806 ecaee4 8791->8806 8793 ecaecc 8793->8735 8796 eca425 CallCatchBlock 8794->8796 8795 eca4a0 __InternalCxxFrameHandler ___AdjustPointer 8795->8778 8796->8795 8797 eccd36 CallUnexpected 41 API calls 8796->8797 8798 eca556 CallCatchBlock 8797->8798 8799 eca419 __InternalCxxFrameHandler 41 API calls 8798->8799 8800 eca58b __InternalCxxFrameHandler ___AdjustPointer 8799->8800 8800->8778 8802 ec9b24 __InternalCxxFrameHandler 51 API calls 8801->8802 8803 eca2eb 8802->8803 8804 ec9b24 __InternalCxxFrameHandler 51 API calls 8803->8804 8805 eca2f6 8804->8805 8805->8784 8815 eca2fe 8806->8815 8808 ecaef5 8809 ec9b24 __InternalCxxFrameHandler 51 API calls 8808->8809 8810 ecaefb 8809->8810 8811 ec9b24 __InternalCxxFrameHandler 51 API calls 8810->8811 8812 ecaf06 8811->8812 8814 ecaf47 CallCatchBlock 8812->8814 8834 ec9a14 8812->8834 8814->8793 8816 ec9b24 __InternalCxxFrameHandler 51 API calls 8815->8816 8817 eca307 8816->8817 8818 eca31d 8817->8818 8819 eca30f 8817->8819 8821 ec9b24 __InternalCxxFrameHandler 51 API calls 8818->8821 8820 ec9b24 __InternalCxxFrameHandler 51 API calls 8819->8820 8822 eca317 8820->8822 8823 eca322 8821->8823 8822->8808 8823->8822 8824 eccd36 CallUnexpected 41 API calls 8823->8824 8825 eca345 8824->8825 8826 ec73ee __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 8825->8826 8827 eca35a 8826->8827 8828 ecabde __InternalCxxFrameHandler 54 API calls 8827->8828 8833 eca365 8827->8833 8829 eca39d 8828->8829 8830 eca3b4 8829->8830 8837 eca256 RtlUnwind 8829->8837 8838 eca130 8830->8838 8833->8808 8835 ec9b24 __InternalCxxFrameHandler 51 API calls 8834->8835 8836 ec9a1c 8835->8836 8836->8814 8837->8830 8839 eca140 8838->8839 8840 eca152 CallCatchBlock 8838->8840 8839->8833 8841 ec9b24 __InternalCxxFrameHandler 51 API calls 8840->8841 8841->8839 8843 ec9b24 __InternalCxxFrameHandler 51 API calls 8842->8843 8844 ecb212 8843->8844 8845 
eccc9b _unexpected 41 API calls 8844->8845 8846 ecb228 8845->8846 8875 ed0df7 8878 ece20d 8875->8878 8879 ece216 8878->8879 8880 ece248 8878->8880 8884 ecd2fb 8879->8884 8885 ecd30c 8884->8885 8886 ecd306 8884->8886 8888 ece941 _unexpected 6 API calls 8885->8888 8890 ecd312 8885->8890 8887 ece902 _unexpected 6 API calls 8886->8887 8887->8885 8889 ecd326 8888->8889 8889->8890 8891 ecd6d2 _unexpected 14 API calls 8889->8891 8892 eccd36 CallUnexpected 41 API calls 8890->8892 8908 ecd317 8890->8908 8893 ecd336 8891->8893 8894 ecd390 8892->8894 8895 ecd33e 8893->8895 8896 ecd353 8893->8896 8897 ece941 _unexpected 6 API calls 8895->8897 8898 ece941 _unexpected 6 API calls 8896->8898 8899 ecd34a 8897->8899 8900 ecd35f 8898->8900 8904 ecd52b ___free_lconv_mon 14 API calls 8899->8904 8901 ecd372 8900->8901 8902 ecd363 8900->8902 8903 ecd06e _unexpected 14 API calls 8901->8903 8905 ece941 _unexpected 6 API calls 8902->8905 8906 ecd37d 8903->8906 8904->8890 8905->8899 8907 ecd52b ___free_lconv_mon 14 API calls 8906->8907 8907->8908 8909 ece018 8908->8909 8932 ece16d 8909->8932 8915 ece06c 8916 ece074 8915->8916 8917 ece082 8915->8917 8918 ecd52b ___free_lconv_mon 14 API calls 8916->8918 8957 ece268 8917->8957 8920 ece05b 8918->8920 8920->8880 8922 ece0ba 8923 ecbaf8 ___std_exception_copy 14 API calls 8922->8923 8925 ece0bf 8923->8925 8924 ece101 8927 ece14a 8924->8927 8968 ecdc8a 8924->8968 8928 ecd52b ___free_lconv_mon 14 API calls 8925->8928 8926 ece0d5 8926->8924 8929 ecd52b ___free_lconv_mon 14 API calls 8926->8929 8931 ecd52b ___free_lconv_mon 14 API calls 8927->8931 8928->8920 8929->8924 8931->8920 8933 ece179 CallCatchBlock 8932->8933 8934 ece193 8933->8934 8976 ecd642 EnterCriticalSection 8933->8976 8937 ece042 8934->8937 8939 eccd36 CallUnexpected 41 API calls 8934->8939 8936 ece1cf 8977 ece1ec 8936->8977 8943 ecdd98 8937->8943 8941 ece20c 8939->8941 8940 ece1a3 8940->8936 8942 ecd52b ___free_lconv_mon 14 API calls 8940->8942 8942->8936 8981 ecdb29 8943->8981 8946 
ecddb9 GetOEMCP 8949 ecdde2 8946->8949 8947 ecddcb 8948 ecddd0 GetACP 8947->8948 8947->8949 8948->8949 8949->8920 8950 ecfac8 8949->8950 8951 ecfb06 8950->8951 8955 ecfad6 _unexpected 8950->8955 8952 ecbaf8 ___std_exception_copy 14 API calls 8951->8952 8954 ecfb04 8952->8954 8953 ecfaf1 HeapAlloc 8953->8954 8953->8955 8954->8915 8955->8951 8955->8953 8956 eced5b _unexpected 2 API calls 8955->8956 8956->8955 8958 ecdd98 43 API calls 8957->8958 8959 ece288 8958->8959 8960 ece301 CallUnexpected 8959->8960 8962 ece2c5 IsValidCodePage 8959->8962 8961 ec73ee __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 8960->8961 8963 ece0af 8961->8963 8962->8960 8964 ece2d7 8962->8964 8963->8922 8963->8926 8965 ece306 GetCPInfo 8964->8965 8967 ece2e0 CallUnexpected 8964->8967 8965->8960 8965->8967 9024 ecde6c 8967->9024 8969 ecdc96 CallCatchBlock 8968->8969 9108 ecd642 EnterCriticalSection 8969->9108 8971 ecdca0 9109 ecdcd7 8971->9109 8976->8940 8980 ecd68a LeaveCriticalSection 8977->8980 8979 ece1f3 8979->8934 8980->8979 8982 ecdb47 8981->8982 8988 ecdb40 8981->8988 8983 ecd240 _unexpected 41 API calls 8982->8983 8982->8988 8984 ecdb68 8983->8984 8989 ed046d 8984->8989 8988->8946 8988->8947 8990 ecdb7e 8989->8990 8991 ed0480 8989->8991 8993 ed04cb 8990->8993 8991->8990 8997 ecff56 8991->8997 8994 ed04de 8993->8994 8995 ed04f3 8993->8995 8994->8995 9019 ece255 8994->9019 8995->8988 8998 ecff62 CallCatchBlock 8997->8998 8999 ecd240 _unexpected 41 API calls 8998->8999 9000 ecff6b 8999->9000 9001 ecffb1 9000->9001 9010 ecd642 EnterCriticalSection 9000->9010 9001->8990 9003 ecff89 9011 ecffd7 9003->9011 9008 eccd36 CallUnexpected 41 API calls 9009 ecffd6 9008->9009 9010->9003 9012 ecffe5 _unexpected 9011->9012 9014 ecff9a 9011->9014 9013 ecfd0a _unexpected 14 API calls 9012->9013 9012->9014 9013->9014 9015 ecffb6 9014->9015 9018 ecd68a LeaveCriticalSection 9015->9018 9017 ecffad 9017->9001 9017->9008 9018->9017 9020 ecd240 _unexpected 41 API calls 9019->9020 9021 
ece25a 9020->9021 9022 ece16d ___scrt_uninitialize_crt 41 API calls 9021->9022 9023 ece265 9022->9023 9023->8995 9025 ecde94 GetCPInfo 9024->9025 9026 ecdf5d 9024->9026 9025->9026 9031 ecdeac 9025->9031 9027 ec73ee __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 9026->9027 9029 ece016 9027->9029 9029->8960 9035 ecfb64 9031->9035 9034 ed0dae 45 API calls 9034->9026 9036 ecdb29 41 API calls 9035->9036 9037 ecfb84 9036->9037 9055 ece50a 9037->9055 9039 ecfc48 9041 ec73ee __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 9039->9041 9040 ecfc40 9058 ecfc6d 9040->9058 9044 ecdf14 9041->9044 9042 ecfbb1 9042->9039 9042->9040 9043 ecfac8 15 API calls 9042->9043 9046 ecfbd6 CallUnexpected __alloca_probe_16 9042->9046 9043->9046 9050 ed0dae 9044->9050 9046->9040 9047 ece50a ___scrt_uninitialize_crt MultiByteToWideChar 9046->9047 9048 ecfc21 9047->9048 9048->9040 9049 ecfc2c GetStringTypeW 9048->9049 9049->9040 9051 ecdb29 41 API calls 9050->9051 9052 ed0dc1 9051->9052 9062 ed0bc0 9052->9062 9057 ece51b MultiByteToWideChar 9055->9057 9057->9042 9059 ecfc79 9058->9059 9060 ecfc8a 9058->9060 9059->9060 9061 ecd52b ___free_lconv_mon 14 API calls 9059->9061 9060->9039 9061->9060 9063 ed0bdb 9062->9063 9064 ece50a ___scrt_uninitialize_crt MultiByteToWideChar 9063->9064 9067 ed0c21 9064->9067 9065 ed0d99 9066 ec73ee __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 9065->9066 9068 ecdf35 9066->9068 9067->9065 9069 ecfac8 15 API calls 9067->9069 9071 ed0c47 __alloca_probe_16 9067->9071 9082 ed0ccd 9067->9082 9068->9034 9069->9071 9070 ecfc6d __freea 14 API calls 9070->9065 9072 ece50a ___scrt_uninitialize_crt MultiByteToWideChar 9071->9072 9071->9082 9073 ed0c8c 9072->9073 9073->9082 9090 ece9ce 9073->9090 9076 ed0d81 9080 ecfc6d __freea 14 API calls 9076->9080 9077 ed0cbe 9081 ece9ce 6 API calls 9077->9081 9077->9082 9078 ed0cf6 9078->9076 9079 ecfac8 15 API calls 9078->9079 9083 ed0d08 __alloca_probe_16 9078->9083 
9079->9083 9080->9082 9081->9082 9082->9070 9083->9076 9084 ece9ce 6 API calls 9083->9084 9085 ed0d4b 9084->9085 9085->9076 9096 ece586 9085->9096 9087 ed0d65 9087->9076 9088 ed0d6e 9087->9088 9089 ecfc6d __freea 14 API calls 9088->9089 9089->9082 9099 ece6c2 9090->9099 9094 ecea1f LCMapStringW 9095 ece9df 9094->9095 9095->9077 9095->9078 9095->9082 9098 ece59d WideCharToMultiByte 9096->9098 9098->9087 9100 ece7c1 _unexpected 5 API calls 9099->9100 9101 ece6d8 9100->9101 9101->9095 9102 ecea2b 9101->9102 9105 ece6dc 9102->9105 9104 ecea36 9104->9094 9106 ece7c1 _unexpected 5 API calls 9105->9106 9107 ece6f2 9106->9107 9107->9104 9108->8971 9119 ece470 9109->9119 9111 ecdcf9 9112 ece470 41 API calls 9111->9112 9113 ecdd18 9112->9113 9114 ecdcad 9113->9114 9115 ecd52b ___free_lconv_mon 14 API calls 9113->9115 9116 ecdccb 9114->9116 9115->9114 9133 ecd68a LeaveCriticalSection 9116->9133 9118 ecdcb9 9118->8927 9120 ece47d __InternalCxxFrameHandler 9119->9120 9121 ece481 9119->9121 9120->9111 9122 ece488 9121->9122 9126 ece49b CallUnexpected 9121->9126 9123 ecbaf8 ___std_exception_copy 14 API calls 9122->9123 9124 ece48d 9123->9124 9125 ecba3a ___std_exception_copy 41 API calls 9124->9125 9125->9120 9126->9120 9127 ece4c9 9126->9127 9129 ece4d2 9126->9129 9128 ecbaf8 ___std_exception_copy 14 API calls 9127->9128 9130 ece4ce 9128->9130 9129->9120 9131 ecbaf8 ___std_exception_copy 14 API calls 9129->9131 9132 ecba3a ___std_exception_copy 41 API calls 9130->9132 9131->9130 9132->9120 9133->9118 9203 eccbd6 9206 eccb5d 9203->9206 9207 eccb69 CallCatchBlock 9206->9207 9214 ecd642 EnterCriticalSection 9207->9214 9209 eccb73 9210 eccba1 9209->9210 9212 ecffd7 ___scrt_uninitialize_crt 14 API calls 9209->9212 9215 eccbbf 9210->9215 9212->9209 9214->9209 9218 ecd68a LeaveCriticalSection 9215->9218 9217 eccbad 9218->9217 9685 ecec27 9686 ecec33 CallCatchBlock 9685->9686 9697 ecd642 EnterCriticalSection 9686->9697 9688 ecec3a 9698 ecf663 9688->9698 9696 ecec58 9722 ecec7e 
9696->9722 9697->9688 9699 ecf66f CallCatchBlock 9698->9699 9700 ecf678 9699->9700 9701 ecf699 9699->9701 9703 ecbaf8 ___std_exception_copy 14 API calls 9700->9703 9725 ecd642 EnterCriticalSection 9701->9725 9704 ecf67d 9703->9704 9705 ecba3a ___std_exception_copy 41 API calls 9704->9705 9706 ecec49 9705->9706 9706->9696 9711 eceac1 GetStartupInfoW 9706->9711 9707 ecf6d1 9733 ecf6f8 9707->9733 9708 ecf6a5 9708->9707 9726 ecf5b3 9708->9726 9712 eceade 9711->9712 9713 eceb72 9711->9713 9712->9713 9714 ecf663 42 API calls 9712->9714 9717 eceb77 9713->9717 9715 eceb06 9714->9715 9715->9713 9716 eceb36 GetFileType 9715->9716 9716->9715 9718 eceb7e 9717->9718 9719 ecebc1 GetStdHandle 9718->9719 9720 ecec23 9718->9720 9721 ecebd4 GetFileType 9718->9721 9719->9718 9720->9696 9721->9718 9737 ecd68a LeaveCriticalSection 9722->9737 9724 ecec69 9725->9708 9727 ecd6d2 _unexpected 14 API calls 9726->9727 9729 ecf5c5 9727->9729 9728 ecf5d2 9730 ecd52b ___free_lconv_mon 14 API calls 9728->9730 9729->9728 9731 ece983 6 API calls 9729->9731 9732 ecf627 9730->9732 9731->9729 9732->9708 9736 ecd68a LeaveCriticalSection 9733->9736 9735 ecf6ff 9735->9706 9736->9735 9737->9724 7450 ec7905 7451 ec7911 CallCatchBlock 7450->7451 7476 ec7657 7451->7476 7453 ec7918 7454 ec7a6b 7453->7454 7463 ec7942 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock CallUnexpected 7453->7463 7524 ec7bb0 IsProcessorFeaturePresent 7454->7524 7456 ec7a72 7504 ecc006 7456->7504 7461 ec7961 7462 ec79e2 7484 ec7ccb 7462->7484 7463->7461 7463->7462 7507 ecbfe0 7463->7507 7465 ec79e8 7488 ec6c1e GetModuleHandleW GetProcAddress 7465->7488 7468 ec79fd 7513 ec7d04 GetModuleHandleW 7468->7513 7471 ec7a08 7472 ec7a11 7471->7472 7515 ecbfba 7471->7515 7518 ec77c8 7472->7518 7477 ec7660 7476->7477 7531 ec7db1 IsProcessorFeaturePresent 7477->7531 7481 ec7671 7483 ec7675 7481->7483 7541 ec9759 7481->7541 7483->7453 7603 ec95e0 7484->7603 7487 ec7cf1 7487->7465 7489 ec6c3d 7488->7489 7605 ec6887 7489->7605 
7491 ec6c4c 7632 ec6dd7 7491->7632 7493 ec6c56 7635 ec6a8c 7493->7635 7496 ec6c6b LoadLibraryExW 7497 ec6c7e 7496->7497 7498 ec6c87 GetProcAddress 7496->7498 7666 ec6820 GetLastError 7497->7666 7499 ec6ca5 FreeLibrary 7498->7499 7500 ec6c99 GetCommandLineW 7498->7500 7503 ec6c83 7499->7503 7500->7499 7503->7468 7973 ecbe30 7504->7973 7508 ecbff6 _unexpected CallCatchBlock 7507->7508 7508->7462 8063 ecd240 GetLastError 7508->8063 7510 eccd36 CallUnexpected 41 API calls 7511 ecccd6 7510->7511 7514 ec7a04 7513->7514 7514->7456 7514->7471 7516 ecbe30 CallUnexpected 23 API calls 7515->7516 7517 ecbfc5 7516->7517 7517->7472 7519 ec77d4 7518->7519 7520 ec77ea 7519->7520 8268 ecc9ca 7519->8268 7520->7461 7522 ec77e2 7523 ec9759 ___scrt_uninitialize_crt 7 API calls 7522->7523 7523->7520 7525 ec7bc6 CallUnexpected 7524->7525 7526 ec7c71 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 7525->7526 7527 ec7cbc CallUnexpected 7526->7527 7527->7456 7528 ecbfc9 7529 ecbe30 CallUnexpected 23 API calls 7528->7529 7530 ec7a80 7529->7530 7532 ec766c 7531->7532 7533 ec973a 7532->7533 7547 ec9c12 7533->7547 7536 ec9743 7536->7481 7538 ec974b 7539 ec9756 7538->7539 7561 ec9c4e 7538->7561 7539->7481 7542 ec976c 7541->7542 7543 ec9762 7541->7543 7542->7483 7544 ec9bf7 ___vcrt_uninitialize_ptd 6 API calls 7543->7544 7545 ec9767 7544->7545 7546 ec9c4e ___vcrt_uninitialize_locks DeleteCriticalSection 7545->7546 7546->7542 7548 ec9c1b 7547->7548 7550 ec9c44 7548->7550 7552 ec973f 7548->7552 7565 ec9fe9 7548->7565 7551 ec9c4e ___vcrt_uninitialize_locks DeleteCriticalSection 7550->7551 7551->7552 7552->7536 7553 ec9bc4 7552->7553 7584 ec9efa 7553->7584 7558 ec9bf4 7558->7538 7560 ec9bd9 7560->7538 7562 ec9c78 7561->7562 7563 ec9c59 7561->7563 7562->7536 7564 ec9c63 DeleteCriticalSection 7563->7564 7564->7562 7564->7564 7570 ec9eb1 7565->7570 7568 eca00c 7568->7548 7569 eca021 InitializeCriticalSectionAndSpinCount 7569->7568 7571 ec9ec9 7570->7571 7575 ec9eec 7570->7575 
7571->7575 7576 ec9e17 7571->7576 7574 ec9ede GetProcAddress 7574->7575 7575->7568 7575->7569 7582 ec9e23 7576->7582 7577 ec9e97 7577->7574 7577->7575 7578 ec9e39 LoadLibraryExW 7579 ec9e9e 7578->7579 7580 ec9e57 GetLastError 7578->7580 7579->7577 7581 ec9ea6 FreeLibrary 7579->7581 7580->7582 7581->7577 7582->7577 7582->7578 7583 ec9e79 LoadLibraryExW 7582->7583 7583->7579 7583->7582 7585 ec9eb1 ___vcrt_FlsSetValue 5 API calls 7584->7585 7586 ec9f14 7585->7586 7587 ec9f2d TlsAlloc 7586->7587 7588 ec9bce 7586->7588 7588->7560 7589 ec9fab 7588->7589 7590 ec9eb1 ___vcrt_FlsSetValue 5 API calls 7589->7590 7591 ec9fc5 7590->7591 7592 ec9fe0 TlsSetValue 7591->7592 7593 ec9be7 7591->7593 7592->7593 7593->7558 7594 ec9bf7 7593->7594 7595 ec9c07 7594->7595 7596 ec9c01 7594->7596 7595->7560 7598 ec9f35 7596->7598 7599 ec9eb1 ___vcrt_FlsSetValue 5 API calls 7598->7599 7600 ec9f4f 7599->7600 7601 ec9f67 TlsFree 7600->7601 7602 ec9f5b 7600->7602 7601->7602 7602->7595 7604 ec7cde GetStartupInfoW 7603->7604 7604->7487 7606 ec6dd7 56 API calls 7605->7606 7607 ec6898 7606->7607 7608 ec68b1 GetModuleFileNameW 7607->7608 7609 ec68c9 7608->7609 7610 ec69a0 7609->7610 7668 ec664f 7609->7668 7610->7491 7612 ec69e3 7614 ec6914 7707 ec6eab 7614->7707 7615 ec6906 7698 ec6f7d 7615->7698 7618 ec6912 7683 ec6cc6 7618->7683 7620 ec6931 7687 ec6ffa 7620->7687 7622 ec693c 7691 ec6d76 7622->7691 7624 ec694e 7625 ec6dd7 56 API calls 7624->7625 7626 ec695e 7625->7626 7627 ec6973 SHGetFolderPathW 7626->7627 7628 ec698c 7627->7628 7628->7610 7720 ec6d3c 7628->7720 7630 ec6998 7631 ec6d3c CharLowerBuffW 7630->7631 7631->7610 7633 ec664f 56 API calls 7632->7633 7634 ec6ddf 7633->7634 7634->7493 7636 ec6ac1 CallUnexpected 7635->7636 7637 ec6ad0 GetModuleFileNameW 7636->7637 7638 ec6aeb 7637->7638 7639 ec6af5 PathRemoveFileSpecW 7637->7639 7640 ec6820 GetLastError 7638->7640 7953 ecb6ca 7639->7953 7663 ec6af0 7640->7663 7643 ec6b31 7962 ec683b 7643->7962 7646 ec6c1c 7646->7496 7646->7503 7648 ec6b40 7653 
ec6eab 41 API calls 7648->7653 7649 ec6b63 7650 ecb6ca 41 API calls 7649->7650 7651 ec6b7b 7650->7651 7652 ec6dd7 56 API calls 7651->7652 7654 ec6b89 7652->7654 7653->7663 7968 ec69ee RegOpenKeyExW 7654->7968 7656 ec6b9a 7657 ec6ba0 PathAppendW 7656->7657 7656->7663 7658 ec6bc5 7657->7658 7659 ec6bb3 PathAppendW 7657->7659 7661 ec6820 GetLastError 7658->7661 7659->7658 7660 ec6bce 7659->7660 7662 ec683b 6 API calls 7660->7662 7661->7663 7664 ec6bd9 7662->7664 7946 ec73ee 7663->7946 7664->7663 7665 ec6eab 41 API calls 7664->7665 7665->7663 7667 ec682a 7666->7667 7667->7503 7669 ec667d 7668->7669 7680 ec6666 7668->7680 7725 ec750b EnterCriticalSection 7669->7725 7671 ec6688 7673 ec6692 GetProcessHeap 7671->7673 7671->7680 7672 ec750b 6 API calls 7674 ec66cd 7672->7674 7730 ec781d 7673->7730 7677 ec781d 44 API calls 7674->7677 7682 ec6678 7674->7682 7679 ec671a 7677->7679 7681 ec74c1 __Init_thread_footer 5 API calls 7679->7681 7680->7672 7680->7682 7681->7682 7682->7612 7682->7614 7682->7615 7815 ec6dfe 7683->7815 7685 ec6cd4 PathRemoveFileSpecW 7686 ec6ce3 7685->7686 7686->7620 7688 ec7005 7687->7688 7689 ec7013 7688->7689 7817 ec70a4 7688->7817 7689->7622 7692 ec6d8e 7691->7692 7697 ec6da2 7691->7697 7693 ec6dc3 7692->7693 7695 ec6d9d 7692->7695 7694 ec6eab 41 API calls 7693->7694 7694->7697 7696 ec6ffa 14 API calls 7695->7696 7696->7697 7697->7624 7823 ec7387 EnterCriticalSection 7698->7823 7700 ec6fef 7700->7618 7701 ec6fa8 FindResourceExW 7704 ec6f92 7701->7704 7703 ec7387 5 API calls 7703->7704 7704->7700 7704->7701 7704->7703 7705 ec6fe0 7704->7705 7828 ec6539 LoadResource 7704->7828 7705->7700 7832 ec7118 FindResourceW 7705->7832 7709 ec6ec3 7707->7709 7716 ec6eb9 __InternalCxxFrameHandler 7707->7716 7708 ec6f57 7709->7708 7710 ec6f3d 7709->7710 7711 ec6ef3 7709->7711 7712 ec70a4 14 API calls 7710->7712 7713 ec6f04 7711->7713 7714 ec6f1a 7711->7714 7711->7716 7712->7716 7715 ecbaf8 ___std_exception_copy 14 API calls 7713->7715 7714->7716 7718 ecbaf8 
___std_exception_copy 14 API calls 7714->7718 7717 ec6f09 7715->7717 7716->7618 7719 ecba3a ___std_exception_copy 41 API calls 7717->7719 7718->7717 7719->7716 7721 ec6d4b 7720->7721 7722 ec6d6b 7721->7722 7723 ec6d56 CharLowerBuffW 7721->7723 7724 ec6d66 7723->7724 7724->7630 7726 ec751f 7725->7726 7727 ec7524 LeaveCriticalSection 7726->7727 7738 ec7593 7726->7738 7727->7671 7743 ec77f0 7730->7743 7733 ec74c1 EnterCriticalSection LeaveCriticalSection 7734 ec755d 7733->7734 7735 ec7568 RtlWakeAllConditionVariable 7734->7735 7736 ec7579 SetEvent ResetEvent 7734->7736 7735->7680 7736->7680 7739 ec75ba LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 7738->7739 7740 ec75a1 SleepConditionVariableCS 7738->7740 7741 ec75de 7739->7741 7740->7741 7741->7726 7744 ec77ff 7743->7744 7745 ec7806 7743->7745 7749 ecc80d 7744->7749 7752 ecc88a 7745->7752 7748 ec66b8 7748->7733 7750 ecc88a 44 API calls 7749->7750 7751 ecc81f 7750->7751 7751->7748 7755 ecc5d6 7752->7755 7756 ecc5e2 CallCatchBlock 7755->7756 7763 ecd642 EnterCriticalSection 7756->7763 7758 ecc5f0 7764 ecc631 7758->7764 7760 ecc5fd 7774 ecc625 7760->7774 7763->7758 7765 ecc64c 7764->7765 7773 ecc6bf _unexpected 7764->7773 7766 ecc69f 7765->7766 7765->7773 7777 ecbb26 7765->7777 7768 ecbb26 44 API calls 7766->7768 7766->7773 7769 ecc6b5 7768->7769 7771 ecd52b ___free_lconv_mon 14 API calls 7769->7771 7770 ecc695 7786 ecd52b 7770->7786 7771->7773 7773->7760 7814 ecd68a LeaveCriticalSection 7774->7814 7776 ecc60e 7776->7748 7778 ecbb4e 7777->7778 7779 ecbb33 7777->7779 7780 ecbb5d 7778->7780 7795 ecd565 7778->7795 7779->7778 7781 ecbb3f 7779->7781 7802 ecd598 7780->7802 7792 ecbaf8 7781->7792 7785 ecbb44 CallUnexpected 7785->7770 7787 ecd536 HeapFree 7786->7787 7788 ecd560 7786->7788 7787->7788 7789 ecd54b GetLastError 7787->7789 7788->7766 7790 ecd558 ___free_lconv_mon 7789->7790 7791 ecbaf8 ___std_exception_copy 12 API calls 7790->7791 7791->7788 7793 ecd391 CallUnexpected 14 API calls 7792->7793 7794 
ecbafd 7793->7794 7794->7785 7796 ecd585 HeapSize 7795->7796 7797 ecd570 7795->7797 7796->7780 7798 ecbaf8 ___std_exception_copy 14 API calls 7797->7798 7799 ecd575 7798->7799 7800 ecba3a ___std_exception_copy 41 API calls 7799->7800 7801 ecd580 7800->7801 7801->7780 7803 ecd5a5 7802->7803 7804 ecd5b0 7802->7804 7805 ecfac8 15 API calls 7803->7805 7806 ecd5b8 7804->7806 7812 ecd5c1 _unexpected 7804->7812 7810 ecd5ad 7805->7810 7807 ecd52b ___free_lconv_mon 14 API calls 7806->7807 7807->7810 7808 ecd5eb HeapReAlloc 7808->7810 7808->7812 7809 ecd5c6 7811 ecbaf8 ___std_exception_copy 14 API calls 7809->7811 7810->7785 7811->7810 7812->7808 7812->7809 7813 eced5b _unexpected EnterCriticalSection LeaveCriticalSection 7812->7813 7813->7812 7814->7776 7816 ec6e2f 7815->7816 7818 ec70d9 __InternalCxxFrameHandler 7817->7818 7819 ec70b6 7817->7819 7818->7689 7820 ecbaf8 ___std_exception_copy 14 API calls 7819->7820 7822 ec70bf CallUnexpected 7819->7822 7820->7822 7821 ecbaf8 14 API calls ___std_exception_copy 7821->7822 7822->7818 7822->7821 7824 ec73a9 LeaveCriticalSection 7823->7824 7825 ec73a0 7823->7825 7824->7704 7825->7824 7838 ec7362 7825->7838 7829 ec656f 7828->7829 7830 ec654f LockResource 7828->7830 7829->7704 7830->7829 7831 ec655c SizeofResource 7830->7831 7831->7829 7833 ec7139 7832->7833 7837 ec7168 7832->7837 7834 ec6539 3 API calls 7833->7834 7835 ec7146 7834->7835 7835->7837 7849 ecb61a 7835->7849 7837->7700 7839 ec736c 7838->7839 7840 ec7371 7839->7840 7848 ec64a0 RaiseException 7839->7848 7840->7824 7842 ec7386 EnterCriticalSection 7844 ec73a9 LeaveCriticalSection 7842->7844 7845 ec73a0 7842->7845 7844->7824 7845->7844 7847 ec7362 RaiseException 7845->7847 7847->7844 7848->7842 7850 ecb62b 7849->7850 7854 ecb627 __InternalCxxFrameHandler 7849->7854 7851 ecb632 7850->7851 7855 ecb645 _wmemset 7850->7855 7852 ecbaf8 ___std_exception_copy 14 API calls 7851->7852 7853 ecb637 7852->7853 7863 ecba3a 7853->7863 7854->7837 7855->7854 7857 ecb67f 7855->7857 7858 
ecb676 7855->7858 7857->7854 7860 ecbaf8 ___std_exception_copy 14 API calls 7857->7860 7859 ecbaf8 ___std_exception_copy 14 API calls 7858->7859 7861 ecb67b 7859->7861 7860->7861 7862 ecba3a ___std_exception_copy 41 API calls 7861->7862 7862->7854 7866 ecb986 7863->7866 7867 ecb998 ___std_exception_copy 7866->7867 7872 ecb9bd 7867->7872 7869 ecb9b0 7883 ecb776 7869->7883 7873 ecb9cd 7872->7873 7874 ecb9d4 7872->7874 7889 ecb7db GetLastError 7873->7889 7879 ecb9e2 7874->7879 7893 ecb7b2 7874->7893 7877 ecba09 7877->7879 7896 ecba4a IsProcessorFeaturePresent 7877->7896 7879->7869 7880 ecba39 7881 ecb986 ___std_exception_copy 41 API calls 7880->7881 7882 ecba46 7881->7882 7882->7869 7884 ecb782 7883->7884 7885 ecb799 7884->7885 7928 ecb821 7884->7928 7886 ecb7ac 7885->7886 7888 ecb821 ___std_exception_copy 41 API calls 7885->7888 7886->7854 7888->7886 7890 ecb7f4 7889->7890 7900 ecd442 7890->7900 7894 ecb7bd GetLastError SetLastError 7893->7894 7895 ecb7d6 7893->7895 7894->7877 7895->7877 7897 ecba56 7896->7897 7922 ecb83e 7897->7922 7901 ecd45b 7900->7901 7902 ecd455 7900->7902 7903 ece941 _unexpected 6 API calls 7901->7903 7921 ecb80c SetLastError 7901->7921 7904 ece902 _unexpected 6 API calls 7902->7904 7905 ecd475 7903->7905 7904->7901 7906 ecd6d2 _unexpected 14 API calls 7905->7906 7905->7921 7907 ecd485 7906->7907 7908 ecd48d 7907->7908 7909 ecd4a2 7907->7909 7910 ece941 _unexpected 6 API calls 7908->7910 7911 ece941 _unexpected 6 API calls 7909->7911 7912 ecd499 7910->7912 7913 ecd4ae 7911->7913 7917 ecd52b ___free_lconv_mon 14 API calls 7912->7917 7914 ecd4c1 7913->7914 7915 ecd4b2 7913->7915 7916 ecd06e _unexpected 14 API calls 7914->7916 7918 ece941 _unexpected 6 API calls 7915->7918 7919 ecd4cc 7916->7919 7917->7921 7918->7912 7920 ecd52b ___free_lconv_mon 14 API calls 7919->7920 7920->7921 7921->7874 7923 ecb85a CallUnexpected 7922->7923 7924 ecb886 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 7923->7924 7926 ecb957 CallUnexpected 
7924->7926 7925 ec73ee __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 7927 ecb975 GetCurrentProcess TerminateProcess 7925->7927 7926->7925 7927->7880 7929 ecb82b 7928->7929 7930 ecb834 7928->7930 7931 ecb7db ___std_exception_copy 16 API calls 7929->7931 7930->7885 7932 ecb830 7931->7932 7932->7930 7935 eccd36 7932->7935 7936 eceeb2 CallUnexpected EnterCriticalSection LeaveCriticalSection 7935->7936 7937 eccd3b 7936->7937 7938 eceef7 CallUnexpected 40 API calls 7937->7938 7941 eccd46 7937->7941 7938->7941 7939 eccd50 IsProcessorFeaturePresent 7942 eccd5c 7939->7942 7940 eccd6f 7943 ecbfc9 CallUnexpected 23 API calls 7940->7943 7941->7939 7941->7940 7945 ecb83e CallUnexpected 8 API calls 7942->7945 7944 eccd79 7943->7944 7945->7940 7947 ec73f6 7946->7947 7948 ec73f7 IsProcessorFeaturePresent 7946->7948 7947->7646 7950 ec7acb 7948->7950 7972 ec7a8e SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 7950->7972 7952 ec7bae 7952->7646 7954 ecb6d8 7953->7954 7955 ecb6e6 7953->7955 7954->7955 7960 ecb700 7954->7960 7956 ecbaf8 ___std_exception_copy 14 API calls 7955->7956 7957 ecb6f0 7956->7957 7958 ecba3a ___std_exception_copy 41 API calls 7957->7958 7959 ec6b16 PathAppendW 7958->7959 7959->7638 7959->7643 7960->7959 7961 ecbaf8 ___std_exception_copy 14 API calls 7960->7961 7961->7957 7963 ec6878 7962->7963 7964 ec6852 7962->7964 7966 ec73ee __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 7963->7966 7964->7963 7965 ec6859 GetFileAttributesExW 7964->7965 7965->7963 7967 ec6885 7966->7967 7967->7648 7967->7649 7969 ec6a2b 7968->7969 7971 ec6a1f 7968->7971 7970 ec6a43 SHQueryValueExW 7969->7970 7970->7971 7971->7656 7972->7952 7974 ecbe5d 7973->7974 7975 ecbe6f 7973->7975 7976 ec7d04 CallUnexpected GetModuleHandleW 7974->7976 7985 ecbcd9 7975->7985 7978 ecbe62 7976->7978 7978->7975 8000 ecbf1a GetModuleHandleExW 7978->8000 7979 ec7a78 7979->7528 7983 ecbec1 7986 ecbce5 CallCatchBlock 7985->7986 

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,SetDefaultDllDirectories), ref: 00EC6C2C
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 00EC6C33
                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 00EC6C72
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DllEntry), ref: 00EC6C8D
                                                                                                                                                                            • GetCommandLineW.KERNEL32(?), ref: 00EC6C9C
                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00EC6CAF
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressLibraryProc$CommandFreeHandleLineLoadModule
                                                                                                                                                                            • String ID: DllEntry$SetDefaultDllDirectories$kernel32.dll
                                                                                                                                                                            • API String ID: 1042781669-3472957018
                                                                                                                                                                            • Opcode ID: d6a792e8afab8f5b605d28209a97a215bb77cd1138a965f98ec31a69f6286033
                                                                                                                                                                            • Instruction ID: f06575faec30a5baf44e88ffdecb72f752b5ba59ee2e9f9dd2a9d0e8d2ababfe
                                                                                                                                                                            • Opcode Fuzzy Hash: d6a792e8afab8f5b605d28209a97a215bb77cd1138a965f98ec31a69f6286033
                                                                                                                                                                            • Instruction Fuzzy Hash: 50110C32545315BFC710ABA1EE09FAFB7A8DF44754B10101DFC42F7290EA269D0657B0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00000000,00ECBAFD,00ECD5CB,?,00ECBB6F,00000000,00ECC8BB,00000004,?,00000000,?,00ECC6B5,?,00000004,00000004), ref: 00ECD395
                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 00ECD437
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                            • String ID: hP
                                                                                                                                                                            • API String ID: 1452528299-3495833320
                                                                                                                                                                            • Opcode ID: 67ee27870ac2756ed01fd82e666153c91fe69b7a0f740a87c8fe843b417e3c5b
                                                                                                                                                                            • Instruction ID: 68d8bd8a461ca80d0ab1d639c3cee4de072efce9a3c9f8415a44a9b28fe5c4e5
                                                                                                                                                                            • Opcode Fuzzy Hash: 67ee27870ac2756ed01fd82e666153c91fe69b7a0f740a87c8fe843b417e3c5b
                                                                                                                                                                            • Instruction Fuzzy Hash: D311483220D3056FD7103BBA6FD6F6A229CEB413B9754213EF511B12D1DA638C0B62A0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,?,00ECBEC1,?,00ECB83D,?,?,CD28DBDC,00ECB83D,?), ref: 00ECBED8
                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00ECBEC1,?,00ECB83D,?,?,CD28DBDC,00ECB83D,?), ref: 00ECBEDF
                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00ECBEF1
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                            • Opcode ID: a86d488a85a280f3f6308f463f0372c2ae932659ffc66ba1332a70beb20d33f1
                                                                                                                                                                            • Instruction ID: 193ce17c93165b8dc244686a2a472b743ca3fa5700d2d4ec237099cb547cd1dc
                                                                                                                                                                            • Opcode Fuzzy Hash: a86d488a85a280f3f6308f463f0372c2ae932659ffc66ba1332a70beb20d33f1
                                                                                                                                                                            • Instruction Fuzzy Hash: 93D09E32005148AFCF012F62EE0EE993F66FF44741F445019BA5966171EB329A57DA91
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,00000104), ref: 00EC68B9
                                                                                                                                                                            • SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,00000000,00000104,?,?,00000000), ref: 00EC697C
                                                                                                                                                                              • Part of subcall function 00EC6F7D: FindResourceExW.KERNEL32(00000000,00000006,00000000,00000000,00000000,?,?,00000000,?,?,00EC6912,-00000010), ref: 00EC6FAE
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FileFindFolderModuleNamePathResource
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2248019921-0
                                                                                                                                                                            • Opcode ID: 20cbf74e1d5450788db05319f317e75221c0fabfa58ef52706b27ba95378fa3b
                                                                                                                                                                            • Instruction ID: 584c21b1296a6c742deb50dac9e1eb4f08748c32d90223b0198973278574f3e7
                                                                                                                                                                            • Opcode Fuzzy Hash: 20cbf74e1d5450788db05319f317e75221c0fabfa58ef52706b27ba95378fa3b
                                                                                                                                                                            • Instruction Fuzzy Hash: 8A416071E00119ABCB04FFA4DA95EFFB7B9AF40304B10516DA812B7291EB329E06CB50
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000008,?,?,?,00ECD3DE,00000001,00000364,?,00000006,000000FF,?,00ECBB6F,00000000,00ECC8BB,00000004), ref: 00ECD713
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                            • Opcode ID: 0085f940df8f32ae92165394b48694ff5497cc9cb80b4822fce7fd441b50bdfc
                                                                                                                                                                            • Instruction ID: 668d01fe8295659970e71d1b81febaebcf2a6e697a024b22a40ae7322a3662b1
                                                                                                                                                                            • Opcode Fuzzy Hash: 0085f940df8f32ae92165394b48694ff5497cc9cb80b4822fce7fd441b50bdfc
                                                                                                                                                                            • Instruction Fuzzy Hash: 27F0B432509124AA9B215A76DE45F5B7788EB417A4B14613BF81CB6194CA73D80382A0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 00ECDA4E
                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00ECDAC9
                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00ECDAEB
                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00ECDB0E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Find$CloseFile$FirstNext
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1164774033-0
                                                                                                                                                                            • Opcode ID: 503435f99e15cb89037593e495853b6b22e8d2a0390d574ca27cf574ef0e8e3c
                                                                                                                                                                            • Instruction ID: b3b0fa59097bf18515e0c0fb74038b2330b2ca7279d05fa30895bcbb48980a11
                                                                                                                                                                            • Opcode Fuzzy Hash: 503435f99e15cb89037593e495853b6b22e8d2a0390d574ca27cf574ef0e8e3c
                                                                                                                                                                            • Instruction Fuzzy Hash: 4841C971909219AEDB20DF65DD88FEAB3B8EB84308F1451A9E405F7144E6339E85CB54
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00EC7BBC
                                                                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 00EC7C88
                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00EC7CA8
                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 00EC7CB2
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 254469556-0
                                                                                                                                                                            • Opcode ID: fe401992bd84c65ba8f0972609c017f4c5bd35c946977bbc97e0dd87a7f081d5
                                                                                                                                                                            • Instruction ID: f78f3de7209f57f49f3cde51ddd774cab9828d724a4e3078d2d4c953d0d93fd5
                                                                                                                                                                            • Opcode Fuzzy Hash: fe401992bd84c65ba8f0972609c017f4c5bd35c946977bbc97e0dd87a7f081d5
                                                                                                                                                                            • Instruction Fuzzy Hash: B8314975D05218DFDB11DFA1D989BCDBBF8AF08304F1040AAE44DAB290EB719A89CF44
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(00ED592C,00000FA0,?,?,00EC7401), ref: 00EC742F
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00EC7401), ref: 00EC743A
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00EC7401), ref: 00EC744B
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00EC745D
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00EC746B
                                                                                                                                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00EC7401), ref: 00EC748E
                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(00ED592C,00000007,?,?,00EC7401), ref: 00EC74AA
                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00EC7401), ref: 00EC74BA
                                                                                                                                                                            Strings
                                                                                                                                                                            • kernel32.dll, xrefs: 00EC7446
                                                                                                                                                                            • SleepConditionVariableCS, xrefs: 00EC7457
                                                                                                                                                                            • WakeAllConditionVariable, xrefs: 00EC7463
                                                                                                                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00EC7435
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                            • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                            • API String ID: 2565136772-3242537097
                                                                                                                                                                            • Opcode ID: b744dafd109f42a0ba5e1537b28614a2b068d8eb0a4e276d44c214281c6975a8
                                                                                                                                                                            • Instruction ID: f9208e82ac9ccacc31c71a28af77d3326317fbb4920fa69d4860d82fd2410c11
                                                                                                                                                                            • Opcode Fuzzy Hash: b744dafd109f42a0ba5e1537b28614a2b068d8eb0a4e276d44c214281c6975a8
                                                                                                                                                                            • Instruction Fuzzy Hash: C601D83264B710AFD7211B767E1DF2A3B58EB80765B04145BFD94F22D0EA71CC4A8A60
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • IsInExceptionSpec.LIBVCRUNTIME ref: 00ECA76D
                                                                                                                                                                            • type_info::operator==.LIBVCRUNTIME ref: 00ECA78F
                                                                                                                                                                            • ___TypeMatch.LIBVCRUNTIME ref: 00ECA89E
                                                                                                                                                                            • IsInExceptionSpec.LIBVCRUNTIME ref: 00ECA970
                                                                                                                                                                            • _UnwindNestedFrames.LIBCMT ref: 00ECA9F4
                                                                                                                                                                            • CallUnexpected.LIBVCRUNTIME ref: 00ECAA0F
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                            • String ID: csm$csm$csm$I
                                                                                                                                                                            • API String ID: 2123188842-2268701674
                                                                                                                                                                            • Opcode ID: b970b6e1e970c6097c16c7de9f03ac4c0aa8af409b0d98f8d11fda833a4c5abc
                                                                                                                                                                            • Instruction ID: 8d7350b99af17204238dd5121fd1b9f363cfcfd536a42bbbaa3f4139d7411b91
                                                                                                                                                                            • Opcode Fuzzy Hash: b970b6e1e970c6097c16c7de9f03ac4c0aa8af409b0d98f8d11fda833a4c5abc
                                                                                                                                                                            • Instruction Fuzzy Hash: 10B14C71800209EFCF19DF94DA45E9EB7B5FF44318B19616EE8117B212D332DA52CB92
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 00EC6AE1
                                                                                                                                                                            • PathRemoveFileSpecW.SHLWAPI(?,?,?,00000104), ref: 00EC6AFC
                                                                                                                                                                            • PathAppendW.SHLWAPI(?,goopdate.dll,?,?,00000104), ref: 00EC6B2B
                                                                                                                                                                              • Part of subcall function 00EC6820: GetLastError.KERNEL32(00EC6AF0,?,?,00000104), ref: 00EC6820
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FilePath$AppendErrorLastModuleNameRemoveSpec
                                                                                                                                                                            • String ID: goopdate.dll
                                                                                                                                                                            • API String ID: 3739599460-235033069
                                                                                                                                                                            • Opcode ID: 1e22e15760e1d61632577609a4020572f2683a814ef038c0c80401298d207d32
                                                                                                                                                                            • Instruction ID: d2fcc30944d0a715120a1af12594121696a6429b7a55f067e3795969cbadb942
                                                                                                                                                                            • Opcode Fuzzy Hash: 1e22e15760e1d61632577609a4020572f2683a814ef038c0c80401298d207d32
                                                                                                                                                                            • Instruction Fuzzy Hash: 584166B290121D9ACF20EB64DE45FDBB7BC9F44344F1055EAA505F3142EA32DE8A8A64
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00EC97E7
                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 00EC97EF
                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00EC9878
                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00EC98A3
                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00EC98F8
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                            • String ID: csm
                                                                                                                                                                            • API String ID: 1170836740-1018135373
                                                                                                                                                                            • Opcode ID: 9273812e5f25b77baa69e021f041195ea8c3f4552d73ce38b84550b92190d206
                                                                                                                                                                            • Instruction ID: afb1c0f0cf32a07c23252832754b27a9ace99c2388dfaf7e763b6509305c7390
                                                                                                                                                                            • Opcode Fuzzy Hash: 9273812e5f25b77baa69e021f041195ea8c3f4552d73ce38b84550b92190d206
                                                                                                                                                                            • Instruction Fuzzy Hash: 6941A135A00209DBCF14DF68C988F9EBBE5AF46318F14915AE8157B393D7369A06CB90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00ECE803,00ECC8BB,0000000C,?,00000000,00000000,?,00ECE95D,00000021,FlsSetValue,00EC2924,00EC292C,?), ref: 00ECE7B7
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                            • API String ID: 3664257935-537541572
                                                                                                                                                                            • Opcode ID: 2cdf0b26caee4fa0867418425a6e33595cc1138cb2338b40e35547838a38e9cf
                                                                                                                                                                            • Instruction ID: 72a01c5742da14164debbec939cf55b80654db8746173ea0957ab2f847b337d0
                                                                                                                                                                            • Opcode Fuzzy Hash: 2cdf0b26caee4fa0867418425a6e33595cc1138cb2338b40e35547838a38e9cf
                                                                                                                                                                            • Instruction Fuzzy Hash: 0721E732A02311AFCB219B65EE40F5A3768EF42764B25216AED15B73D1E732ED06C6D0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetConsoleOutputCP.KERNEL32(CD28DBDC,?,00000000,?), ref: 00ED1004
                                                                                                                                                                              • Part of subcall function 00ECE586: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00ED0D65,?,00000000,-00000008), ref: 00ECE632
                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00ED125F
                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00ED12A7
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00ED134A
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                            • String ID: 9E
                                                                                                                                                                            • API String ID: 2112829910-3001708350
                                                                                                                                                                            • Opcode ID: 78ad010f1a041cee7c2606ef83299774c6f834671a2a71a7463e419cb07be097
                                                                                                                                                                            • Instruction ID: fbcbb775f03a4925c97ba2598f8ae0831e0d40ce5d92b27e00c8595e10efb3a6
                                                                                                                                                                            • Opcode Fuzzy Hash: 78ad010f1a041cee7c2606ef83299774c6f834671a2a71a7463e419cb07be097
                                                                                                                                                                            • Instruction Fuzzy Hash: 59D156B5E04258AFCB15CFE8D880AADBBF5FF09314F18416AE856FB351D630A946CB50
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00EC9B29,00EC9ABA,00EC7D97), ref: 00EC9B40
                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00EC9B4E
                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00EC9B67
                                                                                                                                                                            • SetLastError.KERNEL32(00000000,00EC9B29,00EC9ABA,00EC7D97), ref: 00EC9BB9
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                            • Opcode ID: 206024577e59d7043528cfc24f16678cdd2327efc5ff8ccb2fb371a1827d2002
                                                                                                                                                                            • Instruction ID: 2500db386d24145148acab78f56befc8e6eeca6d3f00b9a929b4467362d0a72a
                                                                                                                                                                            • Opcode Fuzzy Hash: 206024577e59d7043528cfc24f16678cdd2327efc5ff8ccb2fb371a1827d2002
                                                                                                                                                                            • Instruction Fuzzy Hash: 6001B53321E7116EE62427757E9DF6627A4EB51BBAB20122EF510B40E2EF134C175194
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00EC9ED8,?,?,00ED5CEC,00000000,?,00ECA003,00000004,InitializeCriticalSectionEx,00EC1C14,InitializeCriticalSectionEx,00000000), ref: 00EC9EA7
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                            • API String ID: 3664257935-2084034818
                                                                                                                                                                            • Opcode ID: 645b8f15a6aee2de9da89033f9c05383340baec19673979e9cc31c46ae013bf7
                                                                                                                                                                            • Instruction ID: 16073dd81d39644ac028883f6444a37553b1f5bdba094446206e2e9268594e42
                                                                                                                                                                            • Opcode Fuzzy Hash: 645b8f15a6aee2de9da89033f9c05383340baec19673979e9cc31c46ae013bf7
                                                                                                                                                                            • Instruction Fuzzy Hash: CC11E732A45720AFCB21CB689D08F9A33D4AF12764F111119E900FB2C1E722EC028AD1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetProcessHeap.KERNEL32(?,?,00EC6DDF,?,00EC6898), ref: 00EC6692
                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 00EC66B9
                                                                                                                                                                              • Part of subcall function 00EC750B: EnterCriticalSection.KERNEL32(00ED592C,00ED64A0,?,?,00EC6688,00ED64A0,?,?,00EC6DDF,?,00EC6898), ref: 00EC7516
                                                                                                                                                                              • Part of subcall function 00EC750B: LeaveCriticalSection.KERNEL32(00ED592C,?,00EC6688,00ED64A0,?,?,00EC6DDF,?,00EC6898), ref: 00EC7553
                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 00EC671B
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalInit_thread_footerSection$EnterHeapLeaveProcess
                                                                                                                                                                            • String ID: 'g$]
                                                                                                                                                                            • API String ID: 3363689876-702792772
                                                                                                                                                                            • Opcode ID: d892d8af42959b4ad5438822ea4998b7925076613775c7959ded17e32738c540
                                                                                                                                                                            • Instruction ID: 3745836ee54822c90899de635b19c7a7ed9e8bb8ff3aeb5011bbbb858664b014
                                                                                                                                                                            • Opcode Fuzzy Hash: d892d8af42959b4ad5438822ea4998b7925076613775c7959ded17e32738c540
                                                                                                                                                                            • Instruction Fuzzy Hash: B3115B7250A6109FC7109B26FE4AF1A37E4FB40B39F10251FE175BA2A2C776644B8F10
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,CD28DBDC,?,?,00000000,00ED44E2,000000FF,?,00ECBEED,?,?,00ECBEC1,?), ref: 00ECBF4F
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00ECBF61
                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000000,00ED44E2,000000FF,?,00ECBEED,?,?,00ECBEC1,?), ref: 00ECBF83
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                            • Opcode ID: 330267324377e1ba4aabf4b1ce4151f0d1805f9a1cd182905ab5a1cfd804fd74
                                                                                                                                                                            • Instruction ID: dd1fd050944b3cfc0a12161f9b182898ec2cfa6fdabc569fa5ec7bdef4890401
                                                                                                                                                                            • Opcode Fuzzy Hash: 330267324377e1ba4aabf4b1ce4151f0d1805f9a1cd182905ab5a1cfd804fd74
                                                                                                                                                                            • Instruction Fuzzy Hash: 72018F31A08656EFDB118F51DD05FAEBBB8FB04B15F00422AE811F22D0EB759804CA90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • SleepConditionVariableCS.KERNELBASE(?,00EC7530,00000064), ref: 00EC75B6
                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00ED592C,?,?,00EC7530,00000064,?,00EC6688,00ED64A0,?,?,00EC6DDF,?,00EC6898), ref: 00EC75C0
                                                                                                                                                                            • WaitForSingleObjectEx.KERNEL32(?,00000000,?,00EC7530,00000064,?,00EC6688,00ED64A0,?,?,00EC6DDF,?,00EC6898), ref: 00EC75D1
                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00ED592C,?,00EC7530,00000064,?,00EC6688,00ED64A0,?,?,00EC6DDF,?,00EC6898), ref: 00EC75D8
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                            • String ID: ,Y
                                                                                                                                                                            • API String ID: 3269011525-2465771
                                                                                                                                                                            • Opcode ID: 7d120a447185817f0712d3cc7ac5e6eb54b78e213f9b62f4429dd68d08bd3b06
                                                                                                                                                                            • Instruction ID: b68cd8ea24fb1b4e421ca2133a1ea759961631291bd67643e888083a02162009
                                                                                                                                                                            • Opcode Fuzzy Hash: 7d120a447185817f0712d3cc7ac5e6eb54b78e213f9b62f4429dd68d08bd3b06
                                                                                                                                                                            • Instruction Fuzzy Hash: E2E09233607A24FFCB112F52FD18BAE3F29EB89731B844017F949762A0977108068BD0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00ED0C47
                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00ED0D08
                                                                                                                                                                            • __freea.LIBCMT ref: 00ED0D6F
                                                                                                                                                                              • Part of subcall function 00ECFAC8: HeapAlloc.KERNEL32(00000000,00000000,00ECC8BB,?,00ECD5AD,?,00000000,?,00ECBB6F,00000000,00ECC8BB,00000004,?,00000000,?,00ECC6B5), ref: 00ECFAFA
                                                                                                                                                                            • __freea.LIBCMT ref: 00ED0D84
                                                                                                                                                                            • __freea.LIBCMT ref: 00ED0D94
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1096550386-0
                                                                                                                                                                            • Opcode ID: 47b449fe7d7b7a030bbd876209c71950ed9f5ec9e6ed1ef7089d2506004322bc
                                                                                                                                                                            • Instruction ID: 6d3deb11b7765fc2ed551ae52d26382dd421296a79600a42e6190028b69626cf
                                                                                                                                                                            • Opcode Fuzzy Hash: 47b449fe7d7b7a030bbd876209c71950ed9f5ec9e6ed1ef7089d2506004322bc
                                                                                                                                                                            • Instruction Fuzzy Hash: DE519272600206AFDB259EA4DD81FBF76AADB44754F19122BFC08F6351E771DC1287A0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AdjustPointer
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1740715915-0
                                                                                                                                                                            • Opcode ID: 62eead67fafefd5bb38716b01cce3fa5c794abce5c4b9282c2f30a9df8673ffd
                                                                                                                                                                            • Instruction ID: d1b86c36442cdfe58747c41af7a7998e63f7c24baff7ac51581e3f1a28be0ee2
                                                                                                                                                                            • Opcode Fuzzy Hash: 62eead67fafefd5bb38716b01cce3fa5c794abce5c4b9282c2f30a9df8673ffd
                                                                                                                                                                            • Instruction Fuzzy Hash: 9051E37150120A9FDB299F54DA45FAA77A5FF0031CF18913DE802A6291E733DC42CB82
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,00ED1F6A,?,00000001,?,?,?,00ED139E,?,?,00000000), ref: 00ED27CD
                                                                                                                                                                            • GetLastError.KERNEL32(?,00ED1F6A,?,00000001,?,?,?,00ED139E,?,?,00000000,?,?,?,00ED1925,?), ref: 00ED27D9
                                                                                                                                                                              • Part of subcall function 00ED279F: CloseHandle.KERNEL32(FFFFFFFE,00ED27E9,?,00ED1F6A,?,00000001,?,?,?,00ED139E,?,?,00000000,?,?), ref: 00ED27AF
                                                                                                                                                                            • ___initconout.LIBCMT ref: 00ED27E9
                                                                                                                                                                              • Part of subcall function 00ED2761: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00ED2790,00ED1F57,?,?,00ED139E,?,?,00000000,?), ref: 00ED2774
                                                                                                                                                                            • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,00ED1F6A,?,00000001,?,?,?,00ED139E,?,?,00000000,?), ref: 00ED27FE
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2744216297-0
                                                                                                                                                                            • Opcode ID: 56a040bed283bb2e9250a052289933fab472a0f5d33ad2ee1ab4d65baf36968e
                                                                                                                                                                            • Instruction ID: 1159d5693b6c726b9e9cd775c649dea521fa6ceb0a4efd8be66d1f8edce3a94b
                                                                                                                                                                            • Opcode Fuzzy Hash: 56a040bed283bb2e9250a052289933fab472a0f5d33ad2ee1ab4d65baf36968e
                                                                                                                                                                            • Instruction Fuzzy Hash: 44F0373B402164BFCF222F92ED059993F65FB18361F005017FE19A5230D631C821EB90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00ECD52B: HeapFree.KERNEL32(00000000,00000000,?,00ECF9D8,00000000,00000000,00000000,?,00ECF9FD,00000000,00000007,00000000,?,00ECFEA1,00000000,00000000), ref: 00ECD541
                                                                                                                                                                              • Part of subcall function 00ECD52B: GetLastError.KERNEL32(00000000,?,00ECF9D8,00000000,00000000,00000000,?,00ECF9FD,00000000,00000007,00000000,?,00ECFEA1,00000000,00000000), ref: 00ECD54C
                                                                                                                                                                            • ___free_lconv_mon.LIBCMT ref: 00ECFD4E
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                            • String ID: (Q$0Q
                                                                                                                                                                            • API String ID: 4068849827-2422991843
                                                                                                                                                                            • Opcode ID: 630b3055ed1dae9936013f017e2635139c79b11aa7e2209c18ddb63704f654e4
                                                                                                                                                                            • Instruction ID: 6fd4bb674b592f5f0d10a569bb6bbf91da1d3340eb226ee6d721d508885b4c9b
                                                                                                                                                                            • Opcode Fuzzy Hash: 630b3055ed1dae9936013f017e2635139c79b11aa7e2209c18ddb63704f654e4
                                                                                                                                                                            • Instruction Fuzzy Hash: 9A316C31A04702DFDB216A78DA45F6A77EAEB01318F10683DE055E7166DB33ED468611
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00ECAA3F
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: EncodePointer
                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                            • API String ID: 2118026453-2084237596
                                                                                                                                                                            • Opcode ID: 38824d842fc72f9b693bfd401f8ebd7a844a641251cb7688c63819cea15587ae
                                                                                                                                                                            • Instruction ID: 58428ecb1866e41eaa786c13c478a05a519b9109220e9589e586577406d14d4e
                                                                                                                                                                            • Opcode Fuzzy Hash: 38824d842fc72f9b693bfd401f8ebd7a844a641251cb7688c63819cea15587ae
                                                                                                                                                                            • Instruction Fuzzy Hash: 7B41367190020DAFCF15CF98CA81EAEBBB6AF08308F18916DF90476211D2369D52DB52
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,Software\BraveSoftware\Update\Clients\{B131C935-9BE6-41DA-9599-1F776BEB8019},00000000,00020019,?,?,?), ref: 00EC6A15
                                                                                                                                                                            • SHQueryValueExW.SHLWAPI(?,00EC5D10,00000000,?,00000000,?,00000032,?,?), ref: 00EC6A58
                                                                                                                                                                            Strings
                                                                                                                                                                            • Software\BraveSoftware\Update\Clients\{B131C935-9BE6-41DA-9599-1F776BEB8019}, xrefs: 00EC6A07
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: OpenQueryValue
                                                                                                                                                                            • String ID: Software\BraveSoftware\Update\Clients\{B131C935-9BE6-41DA-9599-1F776BEB8019}
                                                                                                                                                                            • API String ID: 4153817207-790910960
                                                                                                                                                                            • Opcode ID: a27d6183edb38f6d0df708b4775d87a23a0a3f8b784013f6d4375734866c0472
                                                                                                                                                                            • Instruction ID: 70e015cdeed4ccd166330cf9bb946a6f420c3eb5fcc8eb7f4461b955002cc562
                                                                                                                                                                            • Opcode Fuzzy Hash: a27d6183edb38f6d0df708b4775d87a23a0a3f8b784013f6d4375734866c0472
                                                                                                                                                                            • Instruction Fuzzy Hash: 0811CA72D40229AB8B109B698E05FFFBFF8EB40724F105259B811F6180D6758E41C7A0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00EC7AC1
                                                                                                                                                                            • ___raise_securityfailure.LIBCMT ref: 00EC7BA9
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                            • String ID: xY
                                                                                                                                                                            • API String ID: 3761405300-3451320032
                                                                                                                                                                            • Opcode ID: aa760d99e5d47072c4baeb827e39e621451065e4200b5a2aa3f0672e3310bee7
                                                                                                                                                                            • Instruction ID: cb3ab696b58dc74ed93edc3b707bbff3b0708e9ecb14a185cadfcb22ff5b3739
                                                                                                                                                                            • Opcode Fuzzy Hash: aa760d99e5d47072c4baeb827e39e621451065e4200b5a2aa3f0672e3310bee7
                                                                                                                                                                            • Instruction Fuzzy Hash: 3721E2B6502B21DED300CF2AFD95B487BA4FB48314F50562FE919ABBA0E3B05589CF44
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00EC7387: EnterCriticalSection.KERNEL32(00ED58FC,?,?,?,00EC6F92,00000000,?,?,00000000,?,?,00EC6912,-00000010), ref: 00EC7392
                                                                                                                                                                              • Part of subcall function 00EC7387: LeaveCriticalSection.KERNEL32(00ED58FC,?,?,?,00EC6F92,00000000,?,?,00000000,?,?,00EC6912,-00000010), ref: 00EC73BE
                                                                                                                                                                            • FindResourceExW.KERNEL32(00000000,00000006,00000000,00000000,00000000,?,?,00000000,?,?,00EC6912,-00000010), ref: 00EC6FAE
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$EnterFindLeaveResource
                                                                                                                                                                            • String ID: X$X
                                                                                                                                                                            • API String ID: 2190064429-2819970280
                                                                                                                                                                            • Opcode ID: 9f2f15f716d9a7b5aa63040348bf38bcda205ba463453252405d29eae00d79dd
                                                                                                                                                                            • Instruction ID: a187c4620d3e8e62cae8ade63c67a9670735536622a9db02e41aae92453e2c16
                                                                                                                                                                            • Opcode Fuzzy Hash: 9f2f15f716d9a7b5aa63040348bf38bcda205ba463453252405d29eae00d79dd
                                                                                                                                                                            • Instruction Fuzzy Hash: 7901F7327052502797255A29AA11F7FA6D9CB80B94F10103EFD42F7380DA62CD0355E1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00EC6511: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,8007000E,?,-C000001E,00000001), ref: 00EC6516
                                                                                                                                                                              • Part of subcall function 00EC6511: GetLastError.KERNEL32(?,00000000,?,8007000E,?,-C000001E,00000001), ref: 00EC6520
                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,00EC648A), ref: 00EC7309
                                                                                                                                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00EC648A), ref: 00EC7318
                                                                                                                                                                            Strings
                                                                                                                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00EC7313
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000001.00000002.2391246047.0000000000EC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                            • Associated: 00000001.00000002.2391217879.0000000000EC0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391283399.0000000000ED5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                            • Associated: 00000001.00000002.2391313227.0000000000ED7000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_1_2_ec0000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                                                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                            • API String ID: 450123788-631824599
                                                                                                                                                                            • Opcode ID: 936e4ee11c5b15d14e6387c240b4503ba0e7a7d991e5423f7c61fccb5ab27103
                                                                                                                                                                            • Instruction ID: 7b80b341bc882947ac518c6f4b77fe8cf0662a6ab34ebc880abb7551579623eb
                                                                                                                                                                            • Opcode Fuzzy Hash: 936e4ee11c5b15d14e6387c240b4503ba0e7a7d991e5423f7c61fccb5ab27103
                                                                                                                                                                            • Instruction Fuzzy Hash: DEE065702053908FC3609F29EA05B067BE4AB04744F00595DE8D5F6282E7B2D4498B91
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Execution Graph

                                                                                                                                                                            Execution Coverage:3.6%
                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                            Total number of Nodes:1996
                                                                                                                                                                            Total number of Limit Nodes:27
9442->9443 9458 80d642 EnterCriticalSection 9443->9458 9445 80cf94 9459 80cfb3 9445->9459 9448 80cf6a 9448->9445 9449 80d52b __freea 14 API calls 9448->9449 9449->9445 9450 80cfbf 9451 80cfcb __FrameHandler3::FrameUnwindToState 9450->9451 9463 80d642 EnterCriticalSection 9451->9463 9453 80cfd5 9454 80d1f5 _unexpected 14 API calls 9453->9454 9455 80cfe8 9454->9455 9464 80d008 9455->9464 9458->9448 9462 80d68a LeaveCriticalSection 9459->9462 9461 80cfa1 9461->9450 9462->9461 9463->9453 9467 80d68a LeaveCriticalSection 9464->9467 9466 80cff6 9466->9415 9467->9466 9468 809b08 9469 809b1f 9468->9469 9470 809b12 9468->9470 9470->9469 9471 80bb0b ___std_exception_destroy 14 API calls 9470->9471 9471->9469 8568 80b08d 8569 80b02f __CallSettingFrame@12 __FrameHandler3::FrameUnwindToState 8568->8569 8570 80b0a8 8569->8570 8575 80b0cf 8569->8575 8572 80cd36 __FrameHandler3::FrameUnwindToState 41 API calls 8570->8572 8573 80b0ad __FrameHandler3::FrameUnwindToState 8570->8573 8574 80b0e8 8572->8574 8576 809b24 _unexpected 51 API calls 8575->8576 8577 80b0d4 8576->8577 8578 80b0df 8577->8578 8579 809b24 _unexpected 51 API calls 8577->8579 8578->8570 8579->8578 9472 806618 HeapSize 9473 812a1a IsProcessorFeaturePresent 9474 80c01c 9475 80c033 9474->9475 9490 80c02c 9474->9490 9476 80c054 GetModuleFileNameW 9475->9476 9477 80c03e 9475->9477 9480 80c079 9476->9480 9478 80baf8 ___std_exception_copy 14 API calls 9477->9478 9479 80c043 9478->9479 9481 80ba3a ___std_exception_copy 41 API calls 9479->9481 9497 80c2f3 9480->9497 9481->9490 9484 80c0bb 9487 80c0b4 9484->9487 9488 80c0f5 9484->9488 9485 80c0af 9486 80baf8 ___std_exception_copy 14 API calls 9485->9486 9486->9487 9489 80d52b __freea 14 API calls 9487->9489 9491 80c116 9488->9491 9492 80c10c 9488->9492 9489->9490 9495 80d52b __freea 14 API calls 9491->9495 9493 80d52b __freea 14 API calls 9492->9493 9494 80c114 9493->9494 9496 80d52b __freea 14 API calls 9494->9496 9495->9494 9496->9490 9498 80c304 9497->9498 9499 80c0a6 
9497->9499 9498->9499 9500 80d6d2 _unexpected 14 API calls 9498->9500 9499->9484 9499->9485 9501 80c32d 9500->9501 9502 80d52b __freea 14 API calls 9501->9502 9502->9499 8580 80f39e 8581 80f3ab 8580->8581 8582 80d6d2 _unexpected 14 API calls 8581->8582 8583 80f3c5 8582->8583 8584 80d52b __freea 14 API calls 8583->8584 8585 80f3d1 8584->8585 8586 80d6d2 _unexpected 14 API calls 8585->8586 8590 80f3f7 8585->8590 8587 80f3eb 8586->8587 8589 80d52b __freea 14 API calls 8587->8589 8589->8590 8591 80f403 8590->8591 8592 80e983 8590->8592 8593 80e7c1 _unexpected 5 API calls 8592->8593 8594 80e99f 8593->8594 8595 80e9bd InitializeCriticalSectionAndSpinCount 8594->8595 8596 80e9a8 8594->8596 8595->8596 8596->8590 9506 809d20 9507 809d32 9506->9507 9509 809d40 9506->9509 9508 8073ee __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9507->9508 9508->9509 8597 80d9a6 8598 80ba4a ___std_exception_copy 11 API calls 8597->8598 8599 80d9b2 8598->8599 8600 80da0d 8599->8600 8601 80da2c FindFirstFileExW 8599->8601 8604 8073ee __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 8600->8604 8601->8600 8602 80da63 8601->8602 8603 80dac1 FindNextFileW 8602->8603 8607 80db0d FindClose 8602->8607 8603->8602 8605 80dad6 8603->8605 8606 80db27 8604->8606 8608 80daea FindClose 8605->8608 8611 810690 8605->8611 8607->8600 8608->8600 8612 8106ca 8611->8612 8613 80baf8 ___std_exception_copy 14 API calls 8612->8613 8618 8106de 8612->8618 8614 8106d3 8613->8614 8615 80ba3a ___std_exception_copy 41 API calls 8614->8615 8615->8618 8616 8073ee __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 8617 80db08 8616->8617 8617->8608 8618->8616 8619 80eaa6 GetProcessHeap 9510 807a26 9513 80bb93 9510->9513 9514 80d391 ___std_exception_copy 14 API calls 9513->9514 9515 807a37 9514->9515 9516 80ec27 9517 80ec33 __FrameHandler3::FrameUnwindToState 9516->9517 9528 80d642 EnterCriticalSection 9517->9528 9519 80ec3a 9520 80f663 42 API calls 9519->9520 9521 80ec49 
9520->9521 9522 80ec58 9521->9522 9529 80eac1 GetStartupInfoW 9521->9529 9540 80ec7e 9522->9540 9528->9519 9530 80eb72 9529->9530 9531 80eade 9529->9531 9535 80eb77 9530->9535 9531->9530 9532 80f663 42 API calls 9531->9532 9533 80eb06 9532->9533 9533->9530 9534 80eb36 GetFileType 9533->9534 9534->9533 9537 80eb7e 9535->9537 9536 80ebc1 GetStdHandle 9536->9537 9537->9536 9538 80ec23 9537->9538 9539 80ebd4 GetFileType 9537->9539 9538->9522 9539->9537 9543 80d68a LeaveCriticalSection 9540->9543 9542 80ec69 9543->9542 8620 80f5a8 8624 80f4da 8620->8624 8621 80f4f4 8622 80f508 8621->8622 8623 80baf8 ___std_exception_copy 14 API calls 8621->8623 8625 80f4fe 8623->8625 8624->8621 8624->8622 8627 80f532 8624->8627 8626 80ba3a ___std_exception_copy 41 API calls 8625->8626 8626->8622 8627->8622 8628 80baf8 ___std_exception_copy 14 API calls 8627->8628 8628->8625 9547 810929 9548 8106de 9547->9548 9549 8073ee __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9548->9549 9550 8106eb 9549->9550 9551 80ae28 9554 80af9f 9551->9554 9553 80ae30 9555 80afe5 9554->9555 9556 80afaf 9554->9556 9555->9553 9556->9555 9557 809b24 _unexpected 51 API calls 9556->9557 9558 80afdb 9557->9558 9558->9553 8633 80a2a9 8634 8073ee __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 8633->8634 8635 80a2bb 8634->8635 8638 80abde 8635->8638 8639 80abec ___except_validate_context_record 8638->8639 8640 809b24 _unexpected 51 API calls 8639->8640 8641 80abf2 8640->8641 8642 80ac31 8641->8642 8643 80ac57 8641->8643 8646 80a2d4 8641->8646 8642->8646 8647 80afe9 8642->8647 8643->8646 8650 80a670 8643->8650 8700 80b001 8647->8700 8649 80affc 8649->8646 8651 80a690 __FrameHandler3::FrameUnwindToState 8650->8651 8656 80a772 8651->8656 8657 809b24 _unexpected 51 API calls 8651->8657 8662 80a9a8 8651->8662 8652 80cd36 __FrameHandler3::FrameUnwindToState 41 API calls 8653 80aa19 8652->8653 8654 80a97d 8655 80a97b 8654->8655 8654->8662 8729 80aa1a 8654->8729 8659 809b24 _unexpected 
51 API calls 8655->8659 8656->8654 8658 80a7fb 8656->8658 8698 80a778 type_info::operator== 8656->8698 8661 80a6f2 8657->8661 8666 80a913 CallCatchBlock 8658->8666 8714 80a063 8658->8714 8659->8662 8663 80a9ae 8661->8663 8665 809b24 _unexpected 51 API calls 8661->8665 8662->8652 8662->8663 8663->8646 8667 80a700 8665->8667 8666->8655 8668 80a957 8666->8668 8669 80a96c 8666->8669 8670 809b24 _unexpected 51 API calls 8667->8670 8671 809b24 _unexpected 51 API calls 8668->8671 8672 80b0e9 IsInExceptionSpec 41 API calls 8669->8672 8679 80a708 8670->8679 8673 80a95c 8671->8673 8674 80a975 8672->8674 8676 809b24 _unexpected 51 API calls 8673->8676 8674->8655 8675 80a9d8 8674->8675 8678 809b24 _unexpected 51 API calls 8675->8678 8676->8698 8677 809b24 _unexpected 51 API calls 8680 80a751 8677->8680 8681 80a9dd 8678->8681 8679->8662 8679->8677 8680->8656 8685 809b24 _unexpected 51 API calls 8680->8685 8682 809b24 _unexpected 51 API calls 8681->8682 8686 80a9e5 8682->8686 8683 80cc9b _unexpected 41 API calls 8693 80a9b8 __InternalCxxFrameHandler CallCatchBlock 8683->8693 8684 80a81c ___TypeMatch 8684->8666 8719 80a5f0 8684->8719 8687 80a75b 8685->8687 8749 80a256 RtlUnwind 8686->8749 8688 809b24 _unexpected 51 API calls 8687->8688 8691 80a766 8688->8691 8709 80b0e9 8691->8709 8692 80a9f9 8695 80afe9 __InternalCxxFrameHandler 51 API calls 8692->8695 8746 80b2d6 8693->8746 8697 80aa05 __InternalCxxFrameHandler 8695->8697 8750 80af60 8697->8750 8698->8683 8698->8693 8701 80b00d __FrameHandler3::FrameUnwindToState 8700->8701 8702 809b24 _unexpected 51 API calls 8701->8702 8708 80b028 __CallSettingFrame@12 __FrameHandler3::FrameUnwindToState 8702->8708 8703 80b0a8 8705 80cd36 __FrameHandler3::FrameUnwindToState 41 API calls 8703->8705 8706 80b0ad __FrameHandler3::FrameUnwindToState 8703->8706 8704 80b0cf __FrameHandler3::FrameUnwindToState 51 API calls 8704->8703 8707 80b0e8 8705->8707 8706->8649 8708->8703 8708->8704 8710 80b17d 8709->8710 8713 80b0fd ___TypeMatch 8709->8713 
8711 80cd36 __FrameHandler3::FrameUnwindToState 41 API calls 8710->8711 8712 80b182 8711->8712 8713->8656 8715 80a081 8714->8715 8716 80a0b7 8715->8716 8717 80cd36 __FrameHandler3::FrameUnwindToState 41 API calls 8715->8717 8716->8684 8718 80a0d2 8717->8718 8720 80a60f 8719->8720 8721 80a602 8719->8721 8766 80a256 RtlUnwind 8720->8766 8762 80a557 8721->8762 8724 80a624 8725 80b001 __FrameHandler3::FrameUnwindToState 51 API calls 8724->8725 8726 80a635 __FrameHandler3::FrameUnwindToState 8725->8726 8767 80ad9c 8726->8767 8728 80a65d __InternalCxxFrameHandler 8728->8684 8730 80aa30 8729->8730 8740 80ab45 8729->8740 8731 809b24 _unexpected 51 API calls 8730->8731 8732 80aa37 8731->8732 8733 80aa3e EncodePointer 8732->8733 8743 80aa79 8732->8743 8734 809b24 _unexpected 51 API calls 8733->8734 8741 80aa4c 8734->8741 8735 80aa96 8738 80a063 __InternalCxxFrameHandler 41 API calls 8735->8738 8736 80ab4a 8737 80cd36 __FrameHandler3::FrameUnwindToState 41 API calls 8736->8737 8739 80ab4f 8737->8739 8744 80aaad 8738->8744 8740->8655 8742 80a130 __InternalCxxFrameHandler 51 API calls 8741->8742 8741->8743 8742->8743 8743->8735 8743->8736 8743->8740 8744->8740 8745 80a5f0 __InternalCxxFrameHandler 53 API calls 8744->8745 8745->8744 8747 80b2f0 8746->8747 8748 80b31d RaiseException 8746->8748 8747->8748 8748->8675 8749->8692 8751 80af6c __EH_prolog3_catch 8750->8751 8752 809b24 _unexpected 51 API calls 8751->8752 8754 80af71 8752->8754 8753 80af94 8756 80cd36 __FrameHandler3::FrameUnwindToState 41 API calls 8753->8756 8754->8753 8829 80b20c 8754->8829 8758 80af99 8756->8758 8763 80a563 __FrameHandler3::FrameUnwindToState 8762->8763 8781 80a419 8763->8781 8765 80a58b __InternalCxxFrameHandler ___AdjustPointer 8765->8720 8766->8724 8768 80ada8 __FrameHandler3::FrameUnwindToState 8767->8768 8788 80a2da 8768->8788 8771 809b24 _unexpected 51 API calls 8772 80add4 8771->8772 8773 809b24 _unexpected 51 API calls 8772->8773 8774 80addf 8773->8774 8775 809b24 _unexpected 51 API calls 
8774->8775 8776 80adea 8775->8776 8777 809b24 _unexpected 51 API calls 8776->8777 8778 80adf2 CallCatchBlock 8777->8778 8793 80aee4 8778->8793 8780 80aecc 8780->8728 8782 80a425 __FrameHandler3::FrameUnwindToState 8781->8782 8783 80cd36 __FrameHandler3::FrameUnwindToState 41 API calls 8782->8783 8784 80a4a0 __InternalCxxFrameHandler ___AdjustPointer 8782->8784 8785 80a556 __FrameHandler3::FrameUnwindToState 8783->8785 8784->8765 8786 80a419 __InternalCxxFrameHandler 41 API calls 8785->8786 8787 80a58b __InternalCxxFrameHandler ___AdjustPointer 8786->8787 8787->8765 8789 809b24 _unexpected 51 API calls 8788->8789 8790 80a2eb 8789->8790 8791 809b24 _unexpected 51 API calls 8790->8791 8792 80a2f6 8791->8792 8792->8771 8802 80a2fe 8793->8802 8795 80aef5 8796 809b24 _unexpected 51 API calls 8795->8796 8797 80aefb 8796->8797 8798 809b24 _unexpected 51 API calls 8797->8798 8800 80af06 8798->8800 8799 80af47 CallCatchBlock 8799->8780 8800->8799 8821 809a14 8800->8821 8803 809b24 _unexpected 51 API calls 8802->8803 8804 80a307 8803->8804 8805 80a31d 8804->8805 8806 80a30f 8804->8806 8807 809b24 _unexpected 51 API calls 8805->8807 8808 809b24 _unexpected 51 API calls 8806->8808 8810 80a322 8807->8810 8809 80a317 8808->8809 8809->8795 8810->8809 8811 80cd36 __FrameHandler3::FrameUnwindToState 41 API calls 8810->8811 8812 80a345 8811->8812 8813 8073ee __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 8812->8813 8814 80a35a 8813->8814 8815 80a365 8814->8815 8816 80abde __InternalCxxFrameHandler 54 API calls 8814->8816 8815->8795 8817 80a39d 8816->8817 8818 80a3b4 8817->8818 8824 80a256 RtlUnwind 8817->8824 8825 80a130 8818->8825 8822 809b24 _unexpected 51 API calls 8821->8822 8823 809a1c 8822->8823 8823->8799 8824->8818 8826 80a152 __InternalCxxFrameHandler 8825->8826 8828 80a140 8825->8828 8827 809b24 _unexpected 51 API calls 8826->8827 8827->8828 8828->8815 8830 809b24 _unexpected 51 API calls 8829->8830 8831 80b212 8830->8831 8832 80cc9b _unexpected 41 API 
calls 8831->8832 8833 80b228 8832->8833 8834 8144aa 8835 8073ee __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 8834->8835 8836 8144bb 8835->8836 8837 80dbab 8838 80dbb8 8837->8838 8839 80dbc8 8837->8839 8838->8839 8840 80d52b __freea 14 API calls 8838->8840 8841 80d52b __freea 14 API calls 8839->8841 8840->8838 8842 80dbd0 8841->8842 9559 80662d 9562 806596 9559->9562 9561 806638 _AnonymousOriginator 9563 8065b1 9562->9563 9564 8065a2 9562->9564 9563->9561 9564->9563 9565 8065a8 HeapDestroy 9564->9565 9565->9563 9566 81212f 9567 812138 9566->9567 9568 8121de 9567->9568 9570 81215f 9567->9570 9571 8132d7 20 API calls 9568->9571 9569 813200 9570->9569 9573 8132d7 20 API calls 9570->9573 9572 8121ee 9571->9572 9574 8131fe 9573->9574 8843 8097b0 8844 8097ce __InternalCxxFrameHandler 8843->8844 8855 809770 8844->8855 8856 809782 8855->8856 8857 80978f 8855->8857 8858 8073ee __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 8856->8858 8858->8857 9575 812a30 9578 812a4e 9575->9578 9577 812a46 9580 812a53 9578->9580 9579 813313 15 API calls 9581 812c7f 9579->9581 9580->9579 9582 812ae8 9580->9582 9581->9577 9582->9577 8859 8065b2 HeapAlloc 9583 80ae32 9584 809b24 _unexpected 51 API calls 9583->9584 9585 80ae3a __FrameHandler3::FrameUnwindToState 9584->9585 9586 80b001 __FrameHandler3::FrameUnwindToState 51 API calls 9585->9586 9587 80aeab 9586->9587 9588 80aee4 CallCatchBlock 54 API calls 9587->9588 9589 80aecc 9588->9589 8860 80d9b3 8861 80d9de 8860->8861 8862 80da2c FindFirstFileExW 8861->8862 8863 80da0d 8861->8863 8862->8863 8866 80da63 8862->8866 8865 8073ee __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 8863->8865 8864 80dac1 FindNextFileW 8864->8866 8867 80dad6 8864->8867 8868 80db27 8865->8868 8866->8864 8869 80db0d FindClose 8866->8869 8870 80daea FindClose 8867->8870 8871 810690 41 API calls 8867->8871 8869->8863 8870->8863 8872 80db08 8871->8872 8872->8870 9590 80c934 9593 80c525 9590->9593 9592 80c939 
9594 80c531 __EH_prolog3 9593->9594 9603 80c4ef 9594->9603 9601 80c4c0 14 API calls 9602 80c568 __FrameHandler3::FrameUnwindToState 9601->9602 9602->9592 9604 80c501 9603->9604 9605 80c507 9603->9605 9606 80c4c0 14 API calls 9604->9606 9607 80c50a 9605->9607 9606->9605 9608 80c522 9607->9608 9609 80c51c 9607->9609 9611 80c4c0 9608->9611 9610 80c4c0 14 API calls 9609->9610 9610->9608 9612 80c4cd 9611->9612 9616 80c4ea 9611->9616 9613 80c4e4 9612->9613 9615 80d52b __freea 14 API calls 9612->9615 9614 80d52b __freea 14 API calls 9613->9614 9614->9616 9615->9612 9616->9601 8873 80eab8 GetStartupInfoW 8874 80eb72 8873->8874 8875 80eade 8873->8875 8875->8874 8879 80f663 8875->8879 8877 80eb06 8877->8874 8878 80eb36 GetFileType 8877->8878 8878->8877 8880 80f66f __FrameHandler3::FrameUnwindToState 8879->8880 8881 80f678 8880->8881 8882 80f699 8880->8882 8883 80baf8 ___std_exception_copy 14 API calls 8881->8883 8892 80d642 EnterCriticalSection 8882->8892 8885 80f67d 8883->8885 8886 80ba3a ___std_exception_copy 41 API calls 8885->8886 8887 80f687 8886->8887 8887->8877 8888 80f6d1 8900 80f6f8 8888->8900 8890 80f6a5 8890->8888 8893 80f5b3 8890->8893 8892->8890 8894 80d6d2 _unexpected 14 API calls 8893->8894 8896 80f5c5 8894->8896 8895 80f5d2 8897 80d52b __freea 14 API calls 8895->8897 8896->8895 8899 80e983 6 API calls 8896->8899 8898 80f627 8897->8898 8898->8890 8899->8896 8903 80d68a LeaveCriticalSection 8900->8903 8902 80f6ff 8902->8887 8903->8902 9617 80a53a 9618 80a551 9617->9618 9619 80cd36 __FrameHandler3::FrameUnwindToState 41 API calls 9618->9619 9620 80a556 __FrameHandler3::FrameUnwindToState 9619->9620 9621 80a419 __InternalCxxFrameHandler 41 API calls 9620->9621 9622 80a58b __InternalCxxFrameHandler ___AdjustPointer 9621->9622 9623 81453b 9624 8073ee __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9623->9624 9625 81454f 9624->9625 9626 8073ee __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9625->9626 9627 814559 9626->9627 9628 
807a3a 9629 807d04 __FrameHandler3::FrameUnwindToState GetModuleHandleW 9628->9629 9630 807a42 9629->9630 9631 807a46 9630->9631 9632 807a78 9630->9632 9634 807a51 9631->9634 9637 80bfab 9631->9637 9633 80bfc9 __FrameHandler3::FrameUnwindToState 23 API calls 9632->9633 9635 807a80 9633->9635 9638 80be30 __FrameHandler3::FrameUnwindToState 23 API calls 9637->9638 9639 80bfb6 9638->9639 9639->9634 8904 80c8bd 8905 80d52b __freea 14 API calls 8904->8905 8906 80c8cb 8905->8906 8907 80d52b __freea 14 API calls 8906->8907 8908 80c8de 8907->8908 8909 80d52b __freea 14 API calls 8908->8909 8910 80c8ef 8909->8910 8911 80d52b __freea 14 API calls 8910->8911 8912 80c900 8911->8912 9640 80ad3f 9643 80b2b7 9640->9643 9644 80b2c4 9643->9644 9646 80ad4e 9643->9646 9645 80bb0b ___std_exception_destroy 14 API calls 9644->9645 9645->9646 9647 807840 9648 807848 9647->9648 9664 80cb20 9648->9664 9650 807853 9651 807690 4 API calls 9650->9651 9653 807868 __RTC_Initialize 9651->9653 9652 807bb0 4 API calls 9654 8078ea 9652->9654 9655 80781d 44 API calls 9653->9655 9662 8078c5 9653->9662 9656 807881 9655->9656 9656->9662 9671 808083 InitializeSListHead 9656->9671 9658 807897 9672 808092 9658->9672 9660 8078ba 9678 80cbfd 9660->9678 9662->9652 9663 8078e2 9662->9663 9665 80cb52 9664->9665 9666 80cb2f 9664->9666 9665->9650 9666->9665 9667 80baf8 ___std_exception_copy 14 API calls 9666->9667 9668 80cb42 9667->9668 9669 80ba3a ___std_exception_copy 41 API calls 9668->9669 9670 80cb4d 9669->9670 9670->9650 9671->9658 9685 80ccd7 9672->9685 9674 8080a3 9675 8080aa 9674->9675 9676 807bb0 4 API calls 9674->9676 9675->9660 9677 8080b2 9676->9677 9679 80d240 _unexpected 41 API calls 9678->9679 9680 80cc08 9679->9680 9681 80cc40 9680->9681 9682 80baf8 ___std_exception_copy 14 API calls 9680->9682 9681->9662 9683 80cc35 9682->9683 9684 80ba3a ___std_exception_copy 41 API calls 9683->9684 9684->9681 9686 80ccf5 9685->9686 9690 80cd15 9685->9690 9687 80baf8 ___std_exception_copy 14 API calls 
9686->9687 9688 80cd0b 9687->9688 9689 80ba3a ___std_exception_copy 41 API calls 9688->9689 9689->9690 9690->9674 8916 80ccc7 8917 80ccca 8916->8917 8918 80cd36 __FrameHandler3::FrameUnwindToState 41 API calls 8917->8918 8919 80ccd6 8918->8919 8920 8065c7 8921 8065d0 HeapFree 8920->8921 8922 8065de 8920->8922 8921->8922 9695 80734c DeleteCriticalSection 9696 8073cc 9695->9696 9697 8073db 9696->9697 9698 80bb0b ___std_exception_destroy 14 API calls 9696->9698 9698->9697 9699 80704d 9700 80705e 9699->9700 9702 80706f 9700->9702 9703 8071bf 9700->9703 9704 8071de 9703->9704 9705 807233 9704->9705 9706 8070a4 14 API calls 9704->9706 9707 80720a 9706->9707 9707->9702 9708 80c34e 9721 80e674 GetEnvironmentStringsW 9708->9721 9710 80c35f 9711 80c371 9710->9711 9712 80c365 9710->9712 9728 80c3a2 9711->9728 9713 80d52b __freea 14 API calls 9712->9713 9715 80c36b 9713->9715 9717 80d52b __freea 14 API calls 9718 80c395 9717->9718 9719 80d52b __freea 14 API calls 9718->9719 9720 80c39b 9719->9720 9722 80e683 9721->9722 9723 80e685 9721->9723 9722->9710 9724 80fac8 15 API calls 9723->9724 9725 80e69a __InternalCxxFrameHandler 9724->9725 9726 80d52b __freea 14 API calls 9725->9726 9727 80e6b4 FreeEnvironmentStringsW 9726->9727 9727->9710 9731 80c3c1 9728->9731 9729 80d6d2 _unexpected 14 API calls 9730 80c401 9729->9730 9732 80c409 9730->9732 9738 80c413 9730->9738 9731->9729 9731->9731 9733 80d52b __freea 14 API calls 9732->9733 9735 80c378 9733->9735 9734 80c488 9736 80d52b __freea 14 API calls 9734->9736 9735->9717 9736->9735 9737 80d6d2 _unexpected 14 API calls 9737->9738 9738->9734 9738->9737 9739 80c498 9738->9739 9741 80b6ca 41 API calls 9738->9741 9744 80c4b3 9738->9744 9747 80d52b __freea 14 API calls 9738->9747 9740 80c4c0 14 API calls 9739->9740 9742 80c49e 9740->9742 9741->9738 9743 80d52b __freea 14 API calls 9742->9743 9745 80c4a6 9743->9745 9746 80ba4a ___std_exception_copy 11 API calls 9744->9746 9748 80d52b __freea 14 API calls 9745->9748 9749 80c4bf 9746->9749 
9747->9738 9748->9735 9750 807d53 9751 807d8a 9750->9751 9753 807d65 9750->9753 9753->9751 9759 809ab5 9753->9759 9757 80cc9b _unexpected 41 API calls 9758 807da8 9757->9758 9760 809b24 _unexpected 51 API calls 9759->9760 9761 807d97 9760->9761 9762 809abe 9761->9762 9763 809b24 _unexpected 51 API calls 9762->9763 9764 807da1 9763->9764 9764->9757 8923 8072d6 8924 8072de 8923->8924 8930 806511 InitializeCriticalSectionAndSpinCount 8924->8930 8927 80731e 8928 807309 IsDebuggerPresent 8928->8927 8929 807313 OutputDebugStringW 8928->8929 8929->8927 8931 806520 GetLastError 8930->8931 8932 80652c 8930->8932 8931->8932 8932->8927 8932->8928 8933 80cbd6 8936 80cb5d 8933->8936 8937 80cb69 __FrameHandler3::FrameUnwindToState 8936->8937 8944 80d642 EnterCriticalSection 8937->8944 8939 80cba1 8949 80cbbf 8939->8949 8940 80cb73 8940->8939 8945 80ffd7 8940->8945 8944->8940 8946 80ffe5 _unexpected 8945->8946 8948 80fff2 8945->8948 8947 80fd0a _unexpected 14 API calls 8946->8947 8946->8948 8947->8948 8948->8940 8952 80d68a LeaveCriticalSection 8949->8952 8951 80cbad 8952->8951 8953 80ace0 8956 80ad13 8953->8956 8959 80b254 8956->8959 8960 80b261 ___std_exception_copy 8959->8960 8964 80acee 8959->8964 8961 80b28e 8960->8961 8960->8964 8965 80cd85 8960->8965 8963 80bb0b ___std_exception_destroy 14 API calls 8961->8963 8963->8964 8966 80cd93 8965->8966 8967 80cda1 8965->8967 8966->8967 8972 80cdb9 8966->8972 8968 80baf8 ___std_exception_copy 14 API calls 8967->8968 8969 80cda9 8968->8969 8970 80ba3a ___std_exception_copy 41 API calls 8969->8970 8971 80cdb3 8970->8971 8971->8961 8972->8971 8973 80baf8 ___std_exception_copy 14 API calls 8972->8973 8973->8969 8974 8120e1 8975 812101 8974->8975 8978 812138 8975->8978 8977 81212b 8979 81213f 8978->8979 8980 8121de 8979->8980 8982 81215f 8979->8982 8987 8132d7 8980->8987 8981 813200 8981->8977 8982->8977 8982->8981 8985 8132d7 20 API calls 8982->8985 8986 8131fe 8985->8986 8986->8977 8988 8132e0 8987->8988 8991 81374f 8988->8991 8992 
81378e __startOneArgErrorHandling 8991->8992 8996 813810 __startOneArgErrorHandling 8992->8996 8999 813be8 8992->8999 8995 813845 8997 8073ee __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 8995->8997 8996->8995 9002 813f01 8996->9002 8998 8121ee 8997->8998 8998->8977 9009 813c0b 8999->9009 9003 813f23 9002->9003 9004 813f0e 9002->9004 9006 80baf8 ___std_exception_copy 14 API calls 9003->9006 9005 813f28 9004->9005 9007 80baf8 ___std_exception_copy 14 API calls 9004->9007 9005->8995 9006->9005 9008 813f1b 9007->9008 9008->8995 9010 813c36 __raise_exc 9009->9010 9011 813e2f RaiseException 9010->9011 9012 813c06 9011->9012 9012->8996 9013 8065e2 9014 8065f5 9013->9014 9016 8065ec 9013->9016 9015 806605 HeapReAlloc 9014->9015 9014->9016 9015->9016 9017 80a3e3 9018 80abde __InternalCxxFrameHandler 54 API calls 9017->9018 9019 80a409 9018->9019 9020 80d4e5 9028 80e884 9020->9028 9023 80d391 ___std_exception_copy 14 API calls 9024 80d501 9023->9024 9025 80d50e 9024->9025 9033 80d511 9024->9033 9027 80d4f9 9029 80e7c1 _unexpected 5 API calls 9028->9029 9030 80e8a0 9029->9030 9031 80e8b8 TlsAlloc 9030->9031 9032 80d4ef 9030->9032 9031->9032 9032->9023 9032->9027 9034 80d521 9033->9034 9035 80d51b 9033->9035 9034->9027 9037 80e8c3 9035->9037 9038 80e7c1 _unexpected 5 API calls 9037->9038 9039 80e8df 9038->9039 9040 80e8e8 9039->9040 9041 80e8fa TlsFree 9039->9041 9040->9034 9765 80f466 9766 80f395 ___scrt_uninitialize_crt 70 API calls 9765->9766 9767 80f46e 9766->9767 9775 811a57 9767->9775 9769 80f473 9785 811b02 9769->9785 9772 80f49d 9773 80d52b __freea 14 API calls 9772->9773 9774 80f4a8 9773->9774 9776 811a63 __FrameHandler3::FrameUnwindToState 9775->9776 9789 80d642 EnterCriticalSection 9776->9789 9778 811a6e 9779 811ada 9778->9779 9782 811aae DeleteCriticalSection 9778->9782 9790 8120a3 9778->9790 9796 811af9 9779->9796 9784 80d52b __freea 14 API calls 9782->9784 9784->9778 9786 811b19 9785->9786 9788 80f482 DeleteCriticalSection 9785->9788 9787 
80d52b __freea 14 API calls 9786->9787 9786->9788 9787->9788 9788->9769 9788->9772 9789->9778 9791 8120b6 ___std_exception_copy 9790->9791 9799 811f7e 9791->9799 9793 8120c2 9794 80b776 ___std_exception_copy 41 API calls 9793->9794 9795 8120ce 9794->9795 9795->9778 9871 80d68a LeaveCriticalSection 9796->9871 9798 811ae6 9798->9769 9800 811f8a __FrameHandler3::FrameUnwindToState 9799->9800 9801 811f94 9800->9801 9802 811fb7 9800->9802 9803 80b9bd ___std_exception_copy 41 API calls 9801->9803 9809 811faf 9802->9809 9810 80f4b2 EnterCriticalSection 9802->9810 9803->9809 9805 811fd5 9811 812015 9805->9811 9807 811fe2 9825 81200d 9807->9825 9809->9793 9810->9805 9812 812022 9811->9812 9813 812045 9811->9813 9814 80b9bd ___std_exception_copy 41 API calls 9812->9814 9815 81203d 9813->9815 9816 80f2c7 ___scrt_uninitialize_crt 66 API calls 9813->9816 9814->9815 9815->9807 9817 81205d 9816->9817 9818 811b02 14 API calls 9817->9818 9819 812065 9818->9819 9820 81065c ___scrt_uninitialize_crt 41 API calls 9819->9820 9821 812071 9820->9821 9828 81289c 9821->9828 9824 80d52b __freea 14 API calls 9824->9815 9870 80f4c6 LeaveCriticalSection 9825->9870 9827 812013 9827->9809 9829 8128c5 9828->9829 9834 812078 9828->9834 9830 812914 9829->9830 9832 8128ec 9829->9832 9831 80b9bd ___std_exception_copy 41 API calls 9830->9831 9831->9834 9835 81280b 9832->9835 9834->9815 9834->9824 9836 812817 __FrameHandler3::FrameUnwindToState 9835->9836 9843 80f701 EnterCriticalSection 9836->9843 9838 812825 9839 812856 9838->9839 9844 81293f 9838->9844 9857 812890 9839->9857 9843->9838 9845 80f7d8 ___scrt_uninitialize_crt 41 API calls 9844->9845 9848 81294f 9845->9848 9846 812955 9860 80f747 9846->9860 9848->9846 9849 812987 9848->9849 9852 80f7d8 ___scrt_uninitialize_crt 41 API calls 9848->9852 9849->9846 9850 80f7d8 ___scrt_uninitialize_crt 41 API calls 9849->9850 9854 812993 CloseHandle 9850->9854 9851 8129ad ___scrt_uninitialize_crt 9851->9839 9853 81297e 9852->9853 9855 80f7d8 

Control-flow Graph

APIs
• GetModuleHandleW.KERNEL32(kernel32.dll,SetDefaultDllDirectories), ref: 00806C2C
• GetProcAddress.KERNEL32(00000000), ref: 00806C33
• LoadLibraryExW.KERNELBASE(?,00000000,00000000), ref: 00806C72
• GetProcAddress.KERNEL32(00000000,DllEntry), ref: 00806C8D
• GetCommandLineW.KERNEL32(?), ref: 00806C9C
• FreeLibrary.KERNELBASE(00000000), ref: 00806CAF
Strings
Memory Dump Source
• Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
• Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
Similarity
• API ID: AddressLibraryProc$CommandFreeHandleLineLoadModule
• String ID: DllEntry$SetDefaultDllDirectories$kernel32.dll
• API String ID: 1042781669-3472957018
• Opcode ID: eb38668d16dde9f679acb596807dbef16c37733d7901203e4b05b1df1b3e4743
• Instruction ID: 9361046ae3430d4f533048fd27ac11e34dbf3392a77bbad4cfadf8a354019351
• Opcode Fuzzy Hash: eb38668d16dde9f679acb596807dbef16c37733d7901203e4b05b1df1b3e4743
• Instruction Fuzzy Hash: 4311E532A4061ABBE750ABA49C09AAE377CFF04755F144018F802E72D0FA248D309BB1
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 00806AE1
• PathRemoveFileSpecW.SHLWAPI(?,?,?,00000104), ref: 00806AFC
• PathAppendW.SHLWAPI(?,goopdate.dll,?,?,00000104), ref: 00806B2B
  • Part of subcall function 00806820: GetLastError.KERNEL32(00806AF0,?,?,00000104), ref: 00806820
Strings
Memory Dump Source
• Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
• Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
Similarity
• API ID: FilePath$AppendErrorLastModuleNameRemoveSpec
• String ID: goopdate.dll
• API String ID: 3739599460-235033069
• Opcode ID: 4b7d104b2ba2d52f144af44082552b4de56627c159e0eed81447697862bd2675
• Instruction ID: df3bf0f2573359fe9fce3da8203172372a9a5943c681a99e9a23234e76c83f51
• Opcode Fuzzy Hash: 4b7d104b2ba2d52f144af44082552b4de56627c159e0eed81447697862bd2675
• Instruction Fuzzy Hash: 5E4151F190022D96DB60EB64DC49EDA73BCFF44314F1085F5A505E31C2FA34AFA98A61
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 67 80e6f6-80e702 68 80e794-80e797 67->68 69 80e707-80e718 68->69 70 80e79d 68->70 72 80e725-80e73e LoadLibraryExW 69->72 73 80e71a-80e71d 69->73 71 80e79f-80e7a3 70->71 76 80e740-80e749 GetLastError 72->76 77 80e7a4-80e7b4 72->77 74 80e723 73->74 75 80e7bd-80e7bf 73->75 79 80e791 74->79 75->71 80 80e782-80e78f 76->80 81 80e74b-80e75d call 80cec8 76->81 77->75 78 80e7b6-80e7b7 FreeLibrary 77->78 78->75 79->68 80->79 81->80 84 80e75f-80e771 call 80cec8 81->84 84->80 87 80e773-80e780 LoadLibraryExW 84->87 87->77 87->80
APIs
• FreeLibrary.KERNEL32(00000000,?,0080E803,0080C8BB,0000000C,?,00000000,00000000,?,0080E95D,00000021,FlsSetValue,00802924,0080292C,?), ref: 0080E7B7
Strings
Memory Dump Source
• Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
• Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
Similarity
• API ID: FreeLibrary
• String ID: api-ms-$ext-ms-
• API String ID: 3664257935-537541572
• Opcode ID: 5036e705e0243eec070cc9a49579b45e35eaa805588fb25e781cf7c0d80a8940
• Instruction ID: f01be7fc65091a656a706f690cde96dfcca83986c9ccdec9a30ad8646eadd1f7
• Opcode Fuzzy Hash: 5036e705e0243eec070cc9a49579b45e35eaa805588fb25e781cf7c0d80a8940
• Instruction Fuzzy Hash: 4421E132A41211ABCBB19B64EC84AAB377CFF45760B254A24ED26E72D1E770ED01C6D1
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 88 8069ee-806a1d RegOpenKeyExW 89 806a2b-806a63 call 806dfe SHQueryValueExW call 806d16 88->89 90 806a1f 88->90 96 806a68-806a6a 89->96 91 806a21-806a29 90->91 92 806a88-806a8b 90->92 91->92 97 806a7b-806a83 96->97 98 806a6c 96->98 97->92 99 806a77-806a79 98->99 100 806a6e-806a71 98->100 99->92 100->99
APIs
• RegOpenKeyExW.KERNELBASE(?,Software\BraveSoftware\Update\Clients\{B131C935-9BE6-41DA-9599-1F776BEB8019},00000000,00020019,?,?,?), ref: 00806A15
• SHQueryValueExW.SHLWAPI(?,00805D10,00000000,?,00000000,?,00000032,?,?), ref: 00806A58
Strings
• Software\BraveSoftware\Update\Clients\{B131C935-9BE6-41DA-9599-1F776BEB8019}, xrefs: 00806A07
Memory Dump Source
• Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
• Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
Similarity
• API ID: OpenQueryValue
• String ID: Software\BraveSoftware\Update\Clients\{B131C935-9BE6-41DA-9599-1F776BEB8019}
• API String ID: 4153817207-790910960
• Opcode ID: b4da762631c767170a592d89b2af58bfada0e7ea4367ac736782c56046214871
• Instruction ID: 64794ef0a3d8a085c71673d48cd07647cb9cc6aa9eb473048ca7026b15127281
• Opcode Fuzzy Hash: b4da762631c767170a592d89b2af58bfada0e7ea4367ac736782c56046214871
• Instruction Fuzzy Hash: 78117B71E40129ABCB50AB699C05DBFBBB8FF40710F104265B811F61D0D6788A1097A0
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,?,0080BEC1,?,0080B83D,?,?,6B9996BF,0080B83D,?), ref: 0080BED8
                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,0080BEC1,?,0080B83D,?,?,6B9996BF,0080B83D,?), ref: 0080BEDF
                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 0080BEF1
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                            • Opcode ID: c0f533c406f6221b0d5a15ef7cd9ec0dc1499adb9b944870938cec88e3deecc1
                                                                                                                                                                            • Instruction ID: 8290ac0f4e5395aababdcdb711187f64632a679f329eb25736939deea9c51b28
                                                                                                                                                                            • Opcode Fuzzy Hash: c0f533c406f6221b0d5a15ef7cd9ec0dc1499adb9b944870938cec88e3deecc1
                                                                                                                                                                            • Instruction Fuzzy Hash: 6DD09E31004645AFCF516F65DD0D9D93F3AFF48341B048418BA1987071DF319A529E91
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,00000104), ref: 008068B9
                                                                                                                                                                            • SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,00000000,00000104,?,?,00000000), ref: 0080697C
                                                                                                                                                                              • Part of subcall function 00806F7D: FindResourceExW.KERNEL32(00000000,00000006,00000000,00000000,00000000,?,?,00000000,?,?,00806912,-00000010), ref: 00806FAE
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FileFindFolderModuleNamePathResource
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2248019921-0
                                                                                                                                                                            • Opcode ID: 23cb20257fb9bcdedeccf7b2ab9b179796bfd531eb4d181f125871fec0abf2d3
                                                                                                                                                                            • Instruction ID: 3a969b8d6b77351874b080b8670eacb29f1b69ef59cfdbdc84e08a8d26514c97
                                                                                                                                                                            • Opcode Fuzzy Hash: 23cb20257fb9bcdedeccf7b2ab9b179796bfd531eb4d181f125871fec0abf2d3
                                                                                                                                                                            • Instruction Fuzzy Hash: 2B415B71D0011AABDB44EBA8CD959EEBBB9FF00310B104169A812E72D1FB309E35CA91
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 167 80e7c1-80e7e9 168 80e7eb-80e7ed 167->168 169 80e7ef-80e7f1 167->169 170 80e840-80e843 168->170 171 80e7f3-80e7f5 169->171 172 80e7f7-80e7fe call 80e6f6 169->172 171->170 174 80e803-80e807 172->174 175 80e826-80e83d 174->175 176 80e809-80e817 GetProcAddress 174->176 178 80e83f 175->178 176->175 177 80e819-80e824 call 80bd26 176->177 177->178 178->170
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: a3935a023bf4be4ef3d076d12775302f66edfc9b49430ca25d02903bcb204b9d
                                                                                                                                                                            • Instruction ID: 2edf6c7d0a62b65bbe343ce5dfefbb6ae8f7511f7c82750df40adc5a27731188
                                                                                                                                                                            • Opcode Fuzzy Hash: a3935a023bf4be4ef3d076d12775302f66edfc9b49430ca25d02903bcb204b9d
                                                                                                                                                                            • Instruction Fuzzy Hash: 3601B137700625DBDB668EADEC4099B739AFBC9360724C935FA00CB6D4EA30D80196D1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 0080DA4E
                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 0080DAC9
                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0080DAEB
                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0080DB0E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Find$CloseFile$FirstNext
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1164774033-0
                                                                                                                                                                            • Opcode ID: 571ebd9e99739357357fa9a4bed375ceb19d1e0c0b6bf1f2cf87bd75cb417035
                                                                                                                                                                            • Instruction ID: 6776d7f2d2e1a1a47a4becb743985872d14aedbcf33434196173ca658f6439de
                                                                                                                                                                            • Opcode Fuzzy Hash: 571ebd9e99739357357fa9a4bed375ceb19d1e0c0b6bf1f2cf87bd75cb417035
                                                                                                                                                                            • Instruction Fuzzy Hash: DD41A471A04729AEDB60EFE8CC88EBAB7B8FF84354F148195E405D71C4E6309E84CB64
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00807BBC
                                                                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 00807C88
                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00807CA8
                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 00807CB2
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 254469556-0
                                                                                                                                                                            • Opcode ID: cc91fe210b05eb69eae26006ba590228112a07010ae0f9d9bc997b4b8df14b04
                                                                                                                                                                            • Instruction ID: 200c134b245bdab84300a575d4eb4be91427506544712e2e448e8933eb7274b4
                                                                                                                                                                            • Opcode Fuzzy Hash: cc91fe210b05eb69eae26006ba590228112a07010ae0f9d9bc997b4b8df14b04
                                                                                                                                                                            • Instruction Fuzzy Hash: 9031E775D453189BDB51DFA4DD89BCDBBB8FF08300F1041AAE40DAB290EB719A858F45
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 288 807423-807444 InitializeCriticalSectionAndSpinCount GetModuleHandleW 289 807446-807455 GetModuleHandleW 288->289 290 807457-807473 GetProcAddress * 2 288->290 289->290 291 80749d-8074b7 call 807bb0 DeleteCriticalSection 289->291 292 807475-807477 290->292 293 807487-80749b CreateEventW 290->293 298 8074c0 291->298 299 8074b9-8074ba CloseHandle 291->299 292->293 294 807479-80747f 292->294 293->291 295 807484-807486 293->295 294->295 299->298
                                                                                                                                                                            APIs
                                                                                                                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(0081592C,00000FA0,?,?,00807401), ref: 0080742F
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00807401), ref: 0080743A
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00807401), ref: 0080744B
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0080745D
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0080746B
                                                                                                                                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00807401), ref: 0080748E
                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(0081592C,00000007,?,?,00807401), ref: 008074AA
                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00807401), ref: 008074BA
                                                                                                                                                                            Strings
                                                                                                                                                                            • WakeAllConditionVariable, xrefs: 00807463
                                                                                                                                                                            • SleepConditionVariableCS, xrefs: 00807457
                                                                                                                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00807435
                                                                                                                                                                            • kernel32.dll, xrefs: 00807446
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                            • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                            • API String ID: 2565136772-3242537097
                                                                                                                                                                            • Opcode ID: 964415e068c8bb55449d922b41869400ecf5ef7ce0af908276c20b5aa0ca00f5
                                                                                                                                                                            • Instruction ID: 58c4e370a17fd40dfa043eb5015f4453b3ce935806acd05b9361933cd10ade1c
                                                                                                                                                                            • Opcode Fuzzy Hash: 964415e068c8bb55449d922b41869400ecf5ef7ce0af908276c20b5aa0ca00f5
                                                                                                                                                                            • Instruction Fuzzy Hash: 1C01B570E49F41EBD7611BB4BC0DA9A3E6CFF88B70B008014F909D62D0DA64D8408661
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • IsInExceptionSpec.LIBVCRUNTIME ref: 0080A76D
                                                                                                                                                                            • type_info::operator==.LIBVCRUNTIME ref: 0080A78F
                                                                                                                                                                            • ___TypeMatch.LIBVCRUNTIME ref: 0080A89E
                                                                                                                                                                            • IsInExceptionSpec.LIBVCRUNTIME ref: 0080A970
                                                                                                                                                                            • _UnwindNestedFrames.LIBCMT ref: 0080A9F4
                                                                                                                                                                            • CallUnexpected.LIBVCRUNTIME ref: 0080AA0F
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                            • API String ID: 2123188842-393685449
                                                                                                                                                                            • Opcode ID: dc419a969b4fd022678509616087af1f24b04c2af3eddea04adb00619ebd2d45
                                                                                                                                                                            • Instruction ID: 1c291b84bddaa3f19f5208628909984c7d5b9228ff2bd3ee014bd184e4755b93
                                                                                                                                                                            • Opcode Fuzzy Hash: dc419a969b4fd022678509616087af1f24b04c2af3eddea04adb00619ebd2d45
                                                                                                                                                                            • Instruction Fuzzy Hash: 30B18D71900319EFCF69DFA8DD819AEBBB5FF04310B158159E850AB292D331DA51CB93
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 008097E7
                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 008097EF
                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00809878
                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 008098A3
                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 008098F8
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                            • String ID: csm
                                                                                                                                                                            • API String ID: 1170836740-1018135373
                                                                                                                                                                            • Opcode ID: 8f594152e8b4c0cd7d7a1786ed0b295a115b2fbb7a5613585134c414b71bd6b2
                                                                                                                                                                            • Instruction ID: 5a1519a760f2423af02b8f6b5b5602610a727f01fc2b194095617517f816813f
                                                                                                                                                                            • Opcode Fuzzy Hash: 8f594152e8b4c0cd7d7a1786ed0b295a115b2fbb7a5613585134c414b71bd6b2
                                                                                                                                                                            • Instruction Fuzzy Hash: 82415934A00209ABCF54EF68CC84A9EBBA5FF46324F14C165E855DB3E3D7319A45CB91
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00809B29,00809ABA,00807D97), ref: 00809B40
                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00809B4E
                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00809B67
                                                                                                                                                                            • SetLastError.KERNEL32(00000000,00809B29,00809ABA,00807D97), ref: 00809BB9
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                            • Opcode ID: b3bd08eff55fa692e993a36d67b8b7ba55342fd8d43964b7c109e4c5d8ea6edb
                                                                                                                                                                            • Instruction ID: 807b2a71eb86d504de1204a181f868383b408eebd07af947d806f3cb372382a4
                                                                                                                                                                            • Opcode Fuzzy Hash: b3bd08eff55fa692e993a36d67b8b7ba55342fd8d43964b7c109e4c5d8ea6edb
                                                                                                                                                                            • Instruction Fuzzy Hash: EF01FC3221EF229EE6E467B9BCA5AA7366CFF55BB57204329F550C00E2EF514C415181
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00809ED8,?,?,00815CEC,00000000,?,0080A003,00000004,InitializeCriticalSectionEx,00801C14,InitializeCriticalSectionEx,00000000), ref: 00809EA7
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                            • API String ID: 3664257935-2084034818
                                                                                                                                                                            • Opcode ID: a5b7f0054b3967930f3d378865d692eb4e57ebfa7b40f52c06c72f4216748fa0
                                                                                                                                                                            • Instruction ID: 85001a2d8192404d52d9a87064e203097e39ac838c75741cd2a11bed351e11b2
                                                                                                                                                                            • Opcode Fuzzy Hash: a5b7f0054b3967930f3d378865d692eb4e57ebfa7b40f52c06c72f4216748fa0
                                                                                                                                                                            • Instruction Fuzzy Hash: FC112932A41724ABDFA2CBA8DC45B5A33A8FF01770F114224F985EB2C1D7B0EC008AD1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,6B9996BF,?,?,00000000,008144E2,000000FF,?,0080BEED,?,?,0080BEC1,?), ref: 0080BF4F
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0080BF61
                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000000,008144E2,000000FF,?,0080BEED,?,?,0080BEC1,?), ref: 0080BF83
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                            • Opcode ID: ca2345a403b0bee71751d093cd9227aa421cac4eb905c22d6a557f2619beaa83
                                                                                                                                                                            • Instruction ID: a3dd647da85335703b31026e3ae80a14734301e2de87a61244c55a434bfd8efd
                                                                                                                                                                            • Opcode Fuzzy Hash: ca2345a403b0bee71751d093cd9227aa421cac4eb905c22d6a557f2619beaa83
                                                                                                                                                                            • Instruction Fuzzy Hash: 3B01F435644A56EBDB159F54DC09BEEB7BCFF48711F018629A822E26D0DB789900CA90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00810C47
                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00810D08
                                                                                                                                                                            • __freea.LIBCMT ref: 00810D6F
                                                                                                                                                                              • Part of subcall function 0080FAC8: HeapAlloc.KERNEL32(00000000,00000000,0080C8BB,?,0080D5AD,?,00000000,?,0080BB6F,00000000,0080C8BB,00000004,?,00000000,?,0080C6B5), ref: 0080FAFA
                                                                                                                                                                            • __freea.LIBCMT ref: 00810D84
                                                                                                                                                                            • __freea.LIBCMT ref: 00810D94
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1096550386-0
                                                                                                                                                                            • Opcode ID: 040dcd28dee2d4922f19259026949c9ad623cfcb4c4ef27b1473970e7a943836
                                                                                                                                                                            • Instruction ID: 74c45fc9249174a3cbfde3409fa75169d72cb2360b923c37f1194343b7a09674
                                                                                                                                                                            • Opcode Fuzzy Hash: 040dcd28dee2d4922f19259026949c9ad623cfcb4c4ef27b1473970e7a943836
                                                                                                                                                                            • Instruction Fuzzy Hash: 5551A37260021AAFEB209FA4DC81EFB76ADFF04754B154629FD08D6151EBB0DCD09BA1
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetConsoleOutputCP.KERNEL32(6B9996BF,?,00000000,?), ref: 00811004
                                                                                                                                                                              • Part of subcall function 0080E586: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00810D65,?,00000000,-00000008), ref: 0080E632
                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0081125F
                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 008112A7
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0081134A
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2112829910-0
                                                                                                                                                                            • Opcode ID: bfd569d85be73c7e98eeb7c67ccb341a5a27bf2083598dfe0d681eb56df255e0
                                                                                                                                                                            • Instruction ID: ef324262166c18e6785a548f4f48f117c37572b928f308b81554580f46145579
                                                                                                                                                                            • Opcode Fuzzy Hash: bfd569d85be73c7e98eeb7c67ccb341a5a27bf2083598dfe0d681eb56df255e0
                                                                                                                                                                            • Instruction Fuzzy Hash: 63D158B5E04258DFCF01CFA8D8849EDBBB9FF08314F18812AE966E7351D630A881CB50
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AdjustPointer
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1740715915-0
                                                                                                                                                                            • Opcode ID: eaf55f6d8a830fa63136b625b2268e38ce8906cd9a2d29bc9e509cf4e784d44b
                                                                                                                                                                            • Instruction ID: 7690e3e23020b93145076ae74af40a83c1fdd52397a879292dfbdc87dc428896
                                                                                                                                                                            • Opcode Fuzzy Hash: eaf55f6d8a830fa63136b625b2268e38ce8906cd9a2d29bc9e509cf4e784d44b
                                                                                                                                                                            • Instruction Fuzzy Hash: DB51E076A00B06AFDBAD9F98DC51BAA77A4FF40314F144129E846C62D1E771EC80CB92
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,00811F6A,?,00000001,?,?,?,0081139E,?,?,00000000), ref: 008127CD
                                                                                                                                                                            • GetLastError.KERNEL32(?,00811F6A,?,00000001,?,?,?,0081139E,?,?,00000000,?,?,?,00811925,?), ref: 008127D9
                                                                                                                                                                              • Part of subcall function 0081279F: CloseHandle.KERNEL32(FFFFFFFE,008127E9,?,00811F6A,?,00000001,?,?,?,0081139E,?,?,00000000,?,?), ref: 008127AF
                                                                                                                                                                            • ___initconout.LIBCMT ref: 008127E9
                                                                                                                                                                              • Part of subcall function 00812761: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00812790,00811F57,?,?,0081139E,?,?,00000000,?), ref: 00812774
                                                                                                                                                                            • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,00811F6A,?,00000001,?,?,?,0081139E,?,?,00000000,?), ref: 008127FE
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2744216297-0
                                                                                                                                                                            • Opcode ID: f496bff2410ae439acad29fa0c13f6c881c98ff49f6f129e6b7e3ce6e6ea2f83
                                                                                                                                                                            • Instruction ID: bd6a4161b447811d7e64c375949e6d486b2561c715588342f88da331aa17dfb1
                                                                                                                                                                            • Opcode Fuzzy Hash: f496bff2410ae439acad29fa0c13f6c881c98ff49f6f129e6b7e3ce6e6ea2f83
                                                                                                                                                                            • Instruction Fuzzy Hash: 8FF0AC3A541524BBCF222F95EC089DA3F6AFF487B1F148464FE19D5170C632C861DB91
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • SleepConditionVariableCS.KERNELBASE(?,00807530,00000064), ref: 008075B6
                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(0081592C,?,?,00807530,00000064,?,00806688,008164A0,?,?,00806DDF,?,00806898), ref: 008075C0
                                                                                                                                                                            • WaitForSingleObjectEx.KERNEL32(?,00000000,?,00807530,00000064,?,00806688,008164A0,?,?,00806DDF,?,00806898), ref: 008075D1
                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0081592C,?,00807530,00000064,?,00806688,008164A0,?,?,00806DDF,?,00806898), ref: 008075D8
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3269011525-0
                                                                                                                                                                            • Opcode ID: 3e8daed3f31fd0871bdcb448b00344860e03346855cf82e0e00b7f550f1a1a6c
                                                                                                                                                                            • Instruction ID: 265b4eead8bc279f680756293d3d081a307ead35fee730d4a2d5f13db9deedd5
                                                                                                                                                                            • Opcode Fuzzy Hash: 3e8daed3f31fd0871bdcb448b00344860e03346855cf82e0e00b7f550f1a1a6c
                                                                                                                                                                            • Instruction Fuzzy Hash: 29E01232945A28FBCB112F90FC09AEEBF7DFF4D771B048014F90E9A260C66159508BD2
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 0080AA3F
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: EncodePointer
                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                            • API String ID: 2118026453-2084237596
                                                                                                                                                                            • Opcode ID: 3aee79ba49da983786e1bca535d77ea6fc4cc5afd3595c6b0b0dc17775b3f8a0
                                                                                                                                                                            • Instruction ID: 97f4cf08fb4ea318d56c1c4685759b192e33a186fc6715b5d06c25bd5ca3295a
                                                                                                                                                                            • Opcode Fuzzy Hash: 3aee79ba49da983786e1bca535d77ea6fc4cc5afd3595c6b0b0dc17775b3f8a0
                                                                                                                                                                            • Instruction Fuzzy Hash: 47417C32900209EFCF59DF98DD81AEEBBB6FF08314F188159F904A72A1D3359950DB52
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00806511: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,8007000E,?,-C000001E,00000001), ref: 00806516
                                                                                                                                                                              • Part of subcall function 00806511: GetLastError.KERNEL32(?,00000000,?,8007000E,?,-C000001E,00000001), ref: 00806520
                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,0080648A), ref: 00807309
                                                                                                                                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0080648A), ref: 00807318
                                                                                                                                                                            Strings
                                                                                                                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00807313
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.1672719636.0000000000801000.00000020.00000001.01000000.00000007.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.1672608353.0000000000800000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672926194.0000000000815000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.1672948047.0000000000817000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_800000_BraveUpdate.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                                                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                            • API String ID: 450123788-631824599
                                                                                                                                                                            • Opcode ID: 5645a839af9483501c69acc5f65c68c7eb0cc174d72c85159b779bc10374a51e
                                                                                                                                                                            • Instruction ID: f5e5498a0dc09cf3c3bcb92ac47bebd61c2bb045ecb13a9cd70c41ef60d96f4f
                                                                                                                                                                            • Opcode Fuzzy Hash: 5645a839af9483501c69acc5f65c68c7eb0cc174d72c85159b779bc10374a51e
                                                                                                                                                                            • Instruction Fuzzy Hash: 80E06D70A04B418FE3A09F68ED083427AE8FF04754F41895DE996C27C1EBB4E4488B51
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: PrivateProfile$CloseOpenQueryValue
                                                                                                                                                                            • String ID: AppendToFile$EnableLogging$IsEnabledLogToFile$LogToOutputDebug$LoggingLevel$LoggingSettings$ShowTime$Software\BraveSoftware\UpdateDev\
                                                                                                                                                                            • API String ID: 2210674228-3529394150
                                                                                                                                                                            • Opcode ID: c67d0b199afa614a42569769cdc2344d9aa1607615deae8bbc4545d499da46ac
                                                                                                                                                                            • Instruction ID: 6615d88c550806c458ae0a20c49df15fe3279d5a454e65a5e258eb29f2603e7c
                                                                                                                                                                            • Opcode Fuzzy Hash: c67d0b199afa614a42569769cdc2344d9aa1607615deae8bbc4545d499da46ac
                                                                                                                                                                            • Instruction Fuzzy Hash: 8E61C222B08681DAE714BF3AD485BA87764FB04BA8F944131DE1C0779ADF7CE558E720
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • LoadLibraryW.KERNELBASE ref: 00007FF744A03A25
                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 00007FF744A03A42
                                                                                                                                                                            • FreeLibrary.KERNELBASE ref: 00007FF744A03A62
                                                                                                                                                                              • Part of subcall function 00007FF744A039C0: GetLastError.KERNEL32(?,?,?,00007FF744A03B80,?,?,?,00007FF744A042C9,?,?,?,?,00007FF744A01031), ref: 00007FF744A039C6
                                                                                                                                                                              • Part of subcall function 00007FF744A039C0: RaiseException.KERNEL32(?,?,?,00007FF744A03B80,?,?,?,00007FF744A042C9,?,?,?,?,00007FF744A01031), ref: 00007FF744A039FF
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Library$AddressErrorExceptionFreeLastLoadProcRaise
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 386220097-0
                                                                                                                                                                            • Opcode ID: 55289a7fcf567d6fc37604f5a9609b51a8c42d30ea13611f0b10e3126723dc72
                                                                                                                                                                            • Instruction ID: 5f74775f4f2eebe04fa2f7f786d98e6ce54ddffc73fb7156ddfe51fa353d98b2
                                                                                                                                                                            • Opcode Fuzzy Hash: 55289a7fcf567d6fc37604f5a9609b51a8c42d30ea13611f0b10e3126723dc72
                                                                                                                                                                            • Instruction Fuzzy Hash: 10F03C21B1D782C2FB54BF236488629D2A5AF98BD0FA89434DD5E0774CDE3DD8419330
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressFreeLibraryProc
                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                            • API String ID: 3013587201-537541572
                                                                                                                                                                            • Opcode ID: 847e315448d33ec932bdacaf819cbf365cdad76815bf1637d6656b56f8522315
                                                                                                                                                                            • Instruction ID: bfadae2c7ae881f6c0bcea38cd649390c406f8a64f78e0b026369c0db0bf5e45
                                                                                                                                                                            • Opcode Fuzzy Hash: 847e315448d33ec932bdacaf819cbf365cdad76815bf1637d6656b56f8522315
                                                                                                                                                                            • Instruction Fuzzy Hash: F441DF61B0D622C1FB11FF13A8949A5B2A5BB45BE0FA88135DE0D47B8CDE3CE045E230
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressCommandHandleLineModuleProc
                                                                                                                                                                            • String ID: SetDefaultDllDirectories$kernel32.dll$unregister$user
                                                                                                                                                                            • API String ID: 147197560-815688805
                                                                                                                                                                            • Opcode ID: 5709c1a7cf0b43fb8a302db99dfee1deae5af6bda4fbedd289ff6e36927d3558
                                                                                                                                                                            • Instruction ID: d1e13bee5792eb7d384ca4da2632b0bda3b772e81417dbe5eb01ec33fce19763
                                                                                                                                                                            • Opcode Fuzzy Hash: 5709c1a7cf0b43fb8a302db99dfee1deae5af6bda4fbedd289ff6e36927d3558
                                                                                                                                                                            • Instruction Fuzzy Hash: 25214122B1CA42C2DB10FF36D4949A9A360FF84BB4B945331EA6D472EDDE6CD548D720
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseOpenOverridePredef
                                                                                                                                                                            • String ID: Software\Classes
                                                                                                                                                                            • API String ID: 2630863477-1656466771
                                                                                                                                                                            • Opcode ID: c313f1374a35ba85ed93cb0d8f175837ed073ca8541d3e038ce952050618a241
                                                                                                                                                                            • Instruction ID: 07d4c04bc88b3ef825af08a112645b83f02d80135001e0bc9d68a6d0c35bf162
                                                                                                                                                                            • Opcode Fuzzy Hash: c313f1374a35ba85ed93cb0d8f175837ed073ca8541d3e038ce952050618a241
                                                                                                                                                                            • Instruction Fuzzy Hash: 4EF08125B1D612C5FB50BF7A98C4B36A2A4FF447A0FF00234DE6E416A8DE1CD144E634
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF744A018E4: PathRemoveExtensionW.SHLWAPI(?,?,?,00007FF744A04166,?,?,?,00007FF744A04397,?,?,?,?,00007FF744A01031), ref: 00007FF744A01940
                                                                                                                                                                              • Part of subcall function 00007FF744A01768: VirtualQuery.KERNEL32 ref: 00007FF744A0178F
                                                                                                                                                                            • lstrcmpiW.KERNELBASE(?,?,?,00007FF744A04397,?,?,?,?,00007FF744A01031), ref: 00007FF744A041A4
                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(?,?,?,?,00007FF744A01031), ref: 00007FF744A04278
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalExtensionInitializePathQueryRemoveSectionVirtuallstrcmpi
                                                                                                                                                                            • String ID: BraveUpdate.ini$SystemDrive
                                                                                                                                                                            • API String ID: 4116145752-4063966519
                                                                                                                                                                            • Opcode ID: 585b218e4b01064a166878589254a93d65b6c1fbbbc0224284a16055a9a10c7f
                                                                                                                                                                            • Instruction ID: b747d9ad3f4138cb48b1ab4f0087b2e1bb49cc421bd82cee8e9d5db6da12f3cb
                                                                                                                                                                            • Opcode Fuzzy Hash: 585b218e4b01064a166878589254a93d65b6c1fbbbc0224284a16055a9a10c7f
                                                                                                                                                                            • Instruction Fuzzy Hash: A0715F21B1DA42C2EB00BF26D8C5568A3A0FF44B94FA44231DE5D467AADF3CD558E370
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __scrt_get_show_window_mode__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2303962521-0
                                                                                                                                                                            • Opcode ID: 932f7c441bc12c5655ae164f97e963ba30f4104fa42af6b90cedcf4448ca8a13
                                                                                                                                                                            • Instruction ID: 5909e893f244078b3f1bbcb131fdcdece9374ab8572d75c954efc2d07f85f0e8
                                                                                                                                                                            • Opcode Fuzzy Hash: 932f7c441bc12c5655ae164f97e963ba30f4104fa42af6b90cedcf4448ca8a13
                                                                                                                                                                            • Instruction Fuzzy Hash: 45312A20B0D202C5FB14FF7694D9AB99291AF46784FE44034DD4E0B2DFDE6DA404E271
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(?,?,?,?,00007FF744A01031), ref: 00007FF744A04278
                                                                                                                                                                              • Part of subcall function 00007FF744A0147C: GetProcessHeap.KERNEL32 ref: 00007FF744A014F2
                                                                                                                                                                              • Part of subcall function 00007FF744A0147C: _Init_thread_footer.LIBCMT ref: 00007FF744A01527
                                                                                                                                                                              • Part of subcall function 00007FF744A0147C: _Init_thread_footer.LIBCMT ref: 00007FF744A01590
                                                                                                                                                                              • Part of subcall function 00007FF744A03ACC: GetEnvironmentVariableW.KERNEL32(?,?,?,00007FF744A042C9,?,?,?,?,00007FF744A01031), ref: 00007FF744A03B0E
                                                                                                                                                                              • Part of subcall function 00007FF744A03ACC: GetEnvironmentVariableW.KERNEL32(?,?,?,00007FF744A042C9,?,?,?,?,00007FF744A01031), ref: 00007FF744A03B46
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: EnvironmentInit_thread_footerVariable$CriticalHeapInitializeProcessSection
                                                                                                                                                                            • String ID: BraveUpdate.ini$SystemDrive
                                                                                                                                                                            • API String ID: 3489650459-4063966519
                                                                                                                                                                            • Opcode ID: 782f436498ff015fde4b1bd4292e48b90e57d713d0d7b6be53d8b12ac70cae73
                                                                                                                                                                            • Instruction ID: ea0063fa8e84cfa909eb59341c38a02ae0b39cca19d999acb4457edfe84c3c10
                                                                                                                                                                            • Opcode Fuzzy Hash: 782f436498ff015fde4b1bd4292e48b90e57d713d0d7b6be53d8b12ac70cae73
                                                                                                                                                                            • Instruction Fuzzy Hash: BF612D61B1CA46C2EB04BF26D4C96A8A3A0FB40754FA04235DA5D067AADF7CE458E371
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                            • Opcode ID: 56bc4b33e30ecd438373de69222ac63f6b51fdce199bb6f9000f6194c878a1e3
                                                                                                                                                                            • Instruction ID: 9c39fe52a6a857c1d4f30f461ad8583cb284d97be9605c9d2d8e3a9cd7d3bac6
                                                                                                                                                                            • Opcode Fuzzy Hash: 56bc4b33e30ecd438373de69222ac63f6b51fdce199bb6f9000f6194c878a1e3
                                                                                                                                                                            • Instruction Fuzzy Hash: E3D06720B1E602C2EB987F7258DD97892656F48B41FA41438DC0E0639EDD2CA449E330
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • CommandLineToArgvW.SHELL32 ref: 00007FF744A025EE
                                                                                                                                                                              • Part of subcall function 00007FF744A017A8: GetModuleFileNameW.KERNEL32(?,?,?,00007FF744A018AF,?,?,?,00007FF744A01900,?,?,?,00007FF744A04166,?,?,?,00007FF744A04397), ref: 00007FF744A0181F
                                                                                                                                                                            • LocalFree.KERNEL32 ref: 00007FF744A0285E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ArgvCommandFileFreeLineLocalModuleName
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 871553864-0
                                                                                                                                                                            • Opcode ID: 68d2023c3308c72c8f942df7f976dc653d2697b746f26bdb1623dfaa2d38b52a
                                                                                                                                                                            • Instruction ID: dd30e9f71a4fe586290a446991abf6fa10daf0085c6cbaa6b487f67fd1f6a64c
                                                                                                                                                                            • Opcode Fuzzy Hash: 68d2023c3308c72c8f942df7f976dc653d2697b746f26bdb1623dfaa2d38b52a
                                                                                                                                                                            • Instruction Fuzzy Hash: 62A18363B08B42C1EB10BF7AC8846ADA761FB44BB8B944231DE2D576D9DF38D845D360
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3947729631-0
                                                                                                                                                                            • Opcode ID: ab5672b8206b1259b8ff5942ab4e8ee7d0982f89718f223ccbdc1d18da8d6cb8
                                                                                                                                                                            • Instruction ID: 52ab1950e1e151b7f3283606dfff2aa65ac4e3147757634aef51be58386d00b6
                                                                                                                                                                            • Opcode Fuzzy Hash: ab5672b8206b1259b8ff5942ab4e8ee7d0982f89718f223ccbdc1d18da8d6cb8
                                                                                                                                                                            • Instruction Fuzzy Hash: 8721A072B19A01CAEB68AF75C0846AC37B0EB44718FA40636DA1D06AC9DF38D486D760
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                            • Opcode ID: 03759c3ce407c5307847b7b93929e8982ebd359f1e2c61a00043aec005732ce4
                                                                                                                                                                            • Instruction ID: ef677f4b01bf9493e29a6cf272ff1738ac33c1f684c2fa6d6b4176507b3a5e47
                                                                                                                                                                            • Opcode Fuzzy Hash: 03759c3ce407c5307847b7b93929e8982ebd359f1e2c61a00043aec005732ce4
                                                                                                                                                                            • Instruction Fuzzy Hash: 59113736B1C682C6F310BF16A4C0979A6A4FB44740FA54434DE9D5779ADE3CE811AB34
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF744A1065E,?,?,00000004,00007FF744A0B90D,?,?,?,?,00007FF744A1148A,?,?,00000000), ref: 00007FF744A10D15
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                            • Opcode ID: 3759019bf3abfeebbe8fbdaa3811d609cf2ed7db6f0fb0c2878c2b7c67cbfc2f
                                                                                                                                                                            • Instruction ID: 6270786882535b70c78dc8d221907aed85b79bc9547b4a36852bb4c077c2b61f
                                                                                                                                                                            • Opcode Fuzzy Hash: 3759019bf3abfeebbe8fbdaa3811d609cf2ed7db6f0fb0c2878c2b7c67cbfc2f
                                                                                                                                                                            • Instruction Fuzzy Hash: E7F04F54B0E25BC5FF94BEA354C5BB5A2A41F89740FA85430DD0E4678ADE2CF481A230
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 467 7ff744a04a6c-7ff744a04a83 RegOverridePredefKey 468 7ff744a04a85-7ff744a04a92 467->468 469 7ff744a04a94 467->469 470 7ff744a04a96-7ff744a04a9a 468->470 469->470
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: OverridePredef
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 898253552-0
                                                                                                                                                                            • Opcode ID: a54fe31a83ffca700cab3f2df1340a5a0451b92f8e500fe702df7ff68e3a2b60
                                                                                                                                                                            • Instruction ID: 8f53445ad89aa1f49ea87d16a8875368c35893c3dae0646bcdccbf134bfff7d2
                                                                                                                                                                            • Opcode Fuzzy Hash: a54fe31a83ffca700cab3f2df1340a5a0451b92f8e500fe702df7ff68e3a2b60
                                                                                                                                                                            • Instruction Fuzzy Hash: 33D0C924B2E953C2FB48BA370C9577691D16F88671FF44638DD6EC02E8ED0CD946A139
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ClipboardGlobal$AllocCloseDataEmptyFreeLockOpenUnlocklstrlen
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2633044538-0
                                                                                                                                                                            • Opcode ID: 6352fce9b027cbcad951bd88884d2899684f12d3dcad91e103972fcb2fd759b9
                                                                                                                                                                            • Instruction ID: 24089f73d0166348263522ea2b5db43c0af0171234d6aac24e15cf8f68ccd166
                                                                                                                                                                            • Opcode Fuzzy Hash: 6352fce9b027cbcad951bd88884d2899684f12d3dcad91e103972fcb2fd759b9
                                                                                                                                                                            • Instruction Fuzzy Hash: 2E011220B0D642C6EB14BF63A988979E3A9AF49FC1F984038DD0E477ADDE2CD444D230
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3140674995-0
                                                                                                                                                                            • Opcode ID: 856f282e32df8d73fe04972479197951aa21ac118391512de7235e9480e850fc
                                                                                                                                                                            • Instruction ID: 9bc9ae0fbe3a9361d5f6e0b2a4d5718a093be2a6b3ea1ffc7d47913d7ebba8ae
                                                                                                                                                                            • Opcode Fuzzy Hash: 856f282e32df8d73fe04972479197951aa21ac118391512de7235e9480e850fc
                                                                                                                                                                            • Instruction Fuzzy Hash: CF312A62709B81CAEB60EF61E8847EDB364FB85744F944039DA4D47A98DF38D548C720
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1239891234-0
                                                                                                                                                                            • Opcode ID: 6dbf2d4e52e93027aaca7cf5313114e00885297a862569c248cde5624a2a885f
                                                                                                                                                                            • Instruction ID: 82b185d98192a157c3cdf54e01612bec86a7ccff19fcd51d5f9f4decd724b95f
                                                                                                                                                                            • Opcode Fuzzy Hash: 6dbf2d4e52e93027aaca7cf5313114e00885297a862569c248cde5624a2a885f
                                                                                                                                                                            • Instruction Fuzzy Hash: 93315232708B81C6D760EF26E8846AEB3A4FB88754FA00135EE8D47B58DF38D555CB20
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF744A04D6B
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                                                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                            • API String ID: 450123788-631824599
                                                                                                                                                                            • Opcode ID: 6d4ae9a61894bf9dc68d31e19d5d557322089d6c62bf4dfdcca0423adfd2fa08
                                                                                                                                                                            • Instruction ID: e00bed3be186162dda233c7bb898c49b50bc0870f2b55a8ed6026fbf77f8c149
                                                                                                                                                                            • Opcode Fuzzy Hash: 6d4ae9a61894bf9dc68d31e19d5d557322089d6c62bf4dfdcca0423adfd2fa08
                                                                                                                                                                            • Instruction Fuzzy Hash: CC115E31B18B42D6E744BF22D5897A9B2A4FB44354FA04035CA4D86659EF3CE0A8D730
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                            • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                            • API String ID: 2565136772-3242537097
                                                                                                                                                                            • Opcode ID: d0932d7c438688d582f413cb499b0fb58ae1f7555594c2062416a4d41a1e6a08
                                                                                                                                                                            • Instruction ID: 3230c6ecfc81f5fb9af9b88b9b01f480f941daa862ae3c26bb591728e58a4dfc
                                                                                                                                                                            • Opcode Fuzzy Hash: d0932d7c438688d582f413cb499b0fb58ae1f7555594c2062416a4d41a1e6a08
                                                                                                                                                                            • Instruction Fuzzy Hash: CF21CC20B1D603C1FB55FF22A8E89B5A2A8BF45B40FE45435CD0E0669CDE6CA545E731
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Frame$BlockEstablisherHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                            • API String ID: 3606184308-393685449
                                                                                                                                                                            • Opcode ID: 5938e31c2149abbec4c5cfa09968dd6a3a4af182ad2785b0433422f5d76a9126
                                                                                                                                                                            • Instruction ID: d4302d442dd00b1bcb5ea613074c267b1fc149eb8ab4af5127afcca85d27f580
                                                                                                                                                                            • Opcode Fuzzy Hash: 5938e31c2149abbec4c5cfa09968dd6a3a4af182ad2785b0433422f5d76a9126
                                                                                                                                                                            • Instruction Fuzzy Hash: A9D19F32A0CB41C6EB20BF7694846ADB7A0FB55798F600139DE4D57B59CF38E084D725
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF744A0B26E,?,?,?,00007FF744A07F1C,?,?,?,?,00007FF744A06CE5), ref: 00007FF744A0B041
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF744A0B26E,?,?,?,00007FF744A07F1C,?,?,?,?,00007FF744A06CE5), ref: 00007FF744A0B04F
                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF744A0B26E,?,?,?,00007FF744A07F1C,?,?,?,?,00007FF744A06CE5), ref: 00007FF744A0B079
                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,00007FF744A0B26E,?,?,?,00007FF744A07F1C,?,?,?,?,00007FF744A06CE5), ref: 00007FF744A0B0BF
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,00007FF744A0B26E,?,?,?,00007FF744A07F1C,?,?,?,?,00007FF744A06CE5), ref: 00007FF744A0B0CB
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                            • API String ID: 2559590344-2084034818
                                                                                                                                                                            • Opcode ID: f8e1ab219166680134276f99460196be67dd5d4fd441d943d03bdf1987045396
                                                                                                                                                                            • Instruction ID: 140830d0e6fe976a07d0859669f3128c937601812d6a6b3b428776acdb67466c
                                                                                                                                                                            • Opcode Fuzzy Hash: f8e1ab219166680134276f99460196be67dd5d4fd441d943d03bdf1987045396
                                                                                                                                                                            • Instruction Fuzzy Hash: 83319F21B1E641D1FB11FF63A988A75A2A4BF08BA4FA94534DD2D06788DF3CE448D331
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExitMessageProcesswsprintf
                                                                                                                                                                            • String ID: Exception$Exception %x in %s %s %u%hs:%d$base\logging.cc
                                                                                                                                                                            • API String ID: 1070390611-1730742759
                                                                                                                                                                            • Opcode ID: 7bc731f639765bbc45b412fa4d5d969e96db5bb59056e3641ba6b012cfbdfdd4
                                                                                                                                                                            • Instruction ID: ca56b27c46fb0777aa56ca18ba928f3b2d3fa38a9eefcaf6c9872169e3f1c1c8
                                                                                                                                                                            • Opcode Fuzzy Hash: 7bc731f639765bbc45b412fa4d5d969e96db5bb59056e3641ba6b012cfbdfdd4
                                                                                                                                                                            • Instruction Fuzzy Hash: EC31AE32B0CA42C1E710FF26E485A69A364FB847A4FA44236DA5D43699CF3CD504DB60
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Value$ErrorLast
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2506987500-0
                                                                                                                                                                            • Opcode ID: 337752e74d537d3fb1c8ed90e055371beaa0f34e4c906e10c9e35874f69b4d59
                                                                                                                                                                            • Instruction ID: 8556b2044acbfdccad6a46f28f16f073aec6ffded4b10a5afc355036d1168f93
                                                                                                                                                                            • Opcode Fuzzy Hash: 337752e74d537d3fb1c8ed90e055371beaa0f34e4c906e10c9e35874f69b4d59
                                                                                                                                                                            • Instruction Fuzzy Hash: 6C212C10B0D662C1F754BB2355C5839F1A66F487B0FB44635DD6E16ECEDE2CA441A630
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                            • String ID: CONOUT$
                                                                                                                                                                            • API String ID: 3230265001-3130406586
                                                                                                                                                                            • Opcode ID: 6744946ae0f340affcf5deff357b5612c7dd714733c0c5371dfc196223539289
                                                                                                                                                                            • Instruction ID: 09506043e5bf1c94c6f8804283e8473e121fa3dc32582fd8195b947867f11801
                                                                                                                                                                            • Opcode Fuzzy Hash: 6744946ae0f340affcf5deff357b5612c7dd714733c0c5371dfc196223539289
                                                                                                                                                                            • Instruction Fuzzy Hash: 97119021B1CA41C6E750BF13A894B25A2A4BB88FE4F640234DE1D4779CCF3CD444D760
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                            • API String ID: 3523768491-393685449
                                                                                                                                                                            • Opcode ID: 26591c802a4259b13b1d66d889a493b927fbcf5d2857e053d389529106b2bb99
                                                                                                                                                                            • Instruction ID: 5ded6f4c838f6a20c82f90c58367275053947dfeebb49c5416f101609ae37441
                                                                                                                                                                            • Opcode Fuzzy Hash: 26591c802a4259b13b1d66d889a493b927fbcf5d2857e053d389529106b2bb99
                                                                                                                                                                            • Instruction Fuzzy Hash: EBE18D32A0C682CAE710FF36D488AADB7A4EB44748FA40135DE4D5769ACE38E585D730
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00000004,00007FF744A0B90D,?,?,?,?,00007FF744A1148A,?,?,00000000,00007FF744A0BF83,?,?,?), ref: 00007FF744A1060B
                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,00000004,00007FF744A0B90D,?,?,?,?,00007FF744A1148A,?,?,00000000,00007FF744A0BF83,?,?,?), ref: 00007FF744A10641
                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,00000004,00007FF744A0B90D,?,?,?,?,00007FF744A1148A,?,?,00000000,00007FF744A0BF83,?,?,?), ref: 00007FF744A1066E
                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,00000004,00007FF744A0B90D,?,?,?,?,00007FF744A1148A,?,?,00000000,00007FF744A0BF83,?,?,?), ref: 00007FF744A1067F
                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,00000004,00007FF744A0B90D,?,?,?,?,00007FF744A1148A,?,?,00000000,00007FF744A0BF83,?,?,?), ref: 00007FF744A10690
                                                                                                                                                                            • SetLastError.KERNEL32(?,?,00000004,00007FF744A0B90D,?,?,?,?,00007FF744A1148A,?,?,00000000,00007FF744A0BF83,?,?,?), ref: 00007FF744A106AB
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Value$ErrorLast
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2506987500-0
                                                                                                                                                                            • Opcode ID: 5712cc44fb3870e7da7360faa01941ab53d3bfd94e8f330285dac57dd783fb5b
                                                                                                                                                                            • Instruction ID: 812e8361963e3d5da0d13406d8fd6f3c3de746d11c4f0f939389d811a12c81bd
                                                                                                                                                                            • Opcode Fuzzy Hash: 5712cc44fb3870e7da7360faa01941ab53d3bfd94e8f330285dac57dd783fb5b
                                                                                                                                                                            • Instruction Fuzzy Hash: DC114F20B0D262C1FB54BB2355D5839B1A26F887B0FB40735DC7D16ADEDE6CA401A630
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                            • Opcode ID: 8fa0014bd8cc9ad319b709363effa9625d4e159ced705655add725fefc1abf70
                                                                                                                                                                            • Instruction ID: 6b5ac4b34bee77b81327e9ca62cca4b6afe55a226f6cebe6d12b44786ceb81e4
                                                                                                                                                                            • Opcode Fuzzy Hash: 8fa0014bd8cc9ad319b709363effa9625d4e159ced705655add725fefc1abf70
                                                                                                                                                                            • Instruction Fuzzy Hash: DBF01D21B0E606C1EB14BF26A488B699370AF45761FA40635C96E455ECCF2CD049D230
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AdjustPointer
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1740715915-0
                                                                                                                                                                            • Opcode ID: 4da5706cdb9565c04f999259001dba51b02a0139d752611930c9d8ada5766754
                                                                                                                                                                            • Instruction ID: 281149ad36d7b1d11378d76d19d68d683d43d0b7bdb83867f179bd02de32440e
                                                                                                                                                                            • Opcode Fuzzy Hash: 4da5706cdb9565c04f999259001dba51b02a0139d752611930c9d8ada5766754
                                                                                                                                                                            • Instruction Fuzzy Hash: EFB18121B0EE42C1EB65BF3295C8979E290AF44B84FA95439DE4D0778DDE3CE441A336
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                            • Opcode ID: 873ddd27d6e11e6a5cebdd6bc92ecbbe564fd9246daab4c3561fdf3265e0169f
                                                                                                                                                                            • Instruction ID: 088da75cf9fbe6496a476ad28760a287a1f21d40c2c49146da822bf8b83d7018
                                                                                                                                                                            • Opcode Fuzzy Hash: 873ddd27d6e11e6a5cebdd6bc92ecbbe564fd9246daab4c3561fdf3265e0169f
                                                                                                                                                                            • Instruction Fuzzy Hash: BF11B222F4CA0382F764392AD5D5B7590606F68379EBC4635EE7F962DF8E1CAC416130
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,00007FF744A0B457,?,?,00000000,00007FF744A0B6F2,?,?,?,?,?,00007FF744A0B67E), ref: 00007FF744A106E3
                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF744A0B457,?,?,00000000,00007FF744A0B6F2,?,?,?,?,?,00007FF744A0B67E), ref: 00007FF744A10702
                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF744A0B457,?,?,00000000,00007FF744A0B6F2,?,?,?,?,?,00007FF744A0B67E), ref: 00007FF744A1072A
                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF744A0B457,?,?,00000000,00007FF744A0B6F2,?,?,?,?,?,00007FF744A0B67E), ref: 00007FF744A1073B
                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF744A0B457,?,?,00000000,00007FF744A0B6F2,?,?,?,?,?,00007FF744A0B67E), ref: 00007FF744A1074C
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Value
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                            • Opcode ID: 3669e3dd6e8265979d328106abaed9e5f17b47101b1df01aae37e84564e7dc0f
                                                                                                                                                                            • Instruction ID: 676554c3b34e29d35ae1f695f0402be3f9b103fc75b03a1e24c7d68f9512bf21
                                                                                                                                                                            • Opcode Fuzzy Hash: 3669e3dd6e8265979d328106abaed9e5f17b47101b1df01aae37e84564e7dc0f
                                                                                                                                                                            • Instruction Fuzzy Hash: CA114D60F0D66281FB54BB2365D1979B1A26F447A0FF44735DC3D16ADEDE3CA401AA30
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Value
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CountCriticalEnterSectionTick$Sleep
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1544504822-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CallEncodePointerTranslator
                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                            • API String ID: 3544855599-2084237596
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CallEncodePointerTranslator
                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                            • API String ID: 3544855599-2084237596
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                            • String ID: csm$csm
                                                                                                                                                                            • API String ID: 3896166516-3733052814
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2718003287-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF744A160B0), ref: 00007FF744A16233
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF744A160B0), ref: 00007FF744A162BD
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ConsoleErrorLastMode
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 953036326-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,00007FF744A01324,?,?,?,00007FF744A01B30,?,?,?,00007FF744A03E07), ref: 00007FF744A04DE2
                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,00007FF744A01324,?,?,?,00007FF744A01B30,?,?,?,00007FF744A03E07), ref: 00007FF744A04E00
                                                                                                                                                                            • _set_fmode.LIBCMT ref: 00007FF744A04E53
                                                                                                                                                                            • _RTC_Initialize.LIBCMT ref: 00007FF744A04E74
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$EnterInitializeLeave_set_fmode
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2803588085-0
                                                                                                                                                                            • Opcode ID: 034e50919c5ab0792a7cba575e5add851db26900540ec2dfc135d57f6124a83b
                                                                                                                                                                            • Instruction ID: 5e41f77ddaecd2c1674c43c4ec1b6f1ffa99317b5e15baedef7a37a82438a6c6
                                                                                                                                                                            • Opcode Fuzzy Hash: 034e50919c5ab0792a7cba575e5add851db26900540ec2dfc135d57f6124a83b
                                                                                                                                                                            • Instruction Fuzzy Hash: 0E310921F0C642C2FB14BFB3A5CA9B99260AF85790FA40434EE4D066DFDE2CF451A231
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __except_validate_context_record
                                                                                                                                                                            • String ID: csm$csm
                                                                                                                                                                            • API String ID: 1467352782-3733052814
                                                                                                                                                                            • Opcode ID: 376617b287ec064cc8087895f8245221c5592c5f98e766c62e2617e735b440cd
                                                                                                                                                                            • Instruction ID: 5377bb884fc6b3b5e486b7aa60bf0219bcc3d004a65c8e1126383f7864bb5e75
                                                                                                                                                                            • Opcode Fuzzy Hash: 376617b287ec064cc8087895f8245221c5592c5f98e766c62e2617e735b440cd
                                                                                                                                                                            • Instruction Fuzzy Hash: EC719272A0C681CAD761BF329498A7DB7A5EB04B85FA48135DF4C07A89CB3CD590D721
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CreateFrameInfo__except_validate_context_record
                                                                                                                                                                            • String ID: csm
                                                                                                                                                                            • API String ID: 2558813199-1018135373
                                                                                                                                                                            • Opcode ID: e0e163a061f5fd86d3b0bc4f115189f4d0de6791220c887537f2f0b5cbdb6146
                                                                                                                                                                            • Instruction ID: bf7c99a2322ce6b863bdeab716a7fbeef5092035a721410ac1a6b85f3f8c7a3d
                                                                                                                                                                            • Opcode Fuzzy Hash: e0e163a061f5fd86d3b0bc4f115189f4d0de6791220c887537f2f0b5cbdb6146
                                                                                                                                                                            • Instruction Fuzzy Hash: 30511B76A1C741C6E720BF26E4886ADB7A4F788B90F640135DE9D07B5ACF38D4519B20
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                            • String ID: U
                                                                                                                                                                            • API String ID: 442123175-4171548499
                                                                                                                                                                            • Opcode ID: 61e99a1328edc6c7ec8fa9f7610307a0d0c7835356aade33a271f142cd54f7cf
                                                                                                                                                                            • Instruction ID: 017dce2ad36a5d4fe939890d829094d8411426511b81eef92f4192eb41584f22
                                                                                                                                                                            • Opcode Fuzzy Hash: 61e99a1328edc6c7ec8fa9f7610307a0d0c7835356aade33a271f142cd54f7cf
                                                                                                                                                                            • Instruction Fuzzy Hash: F0419422B1D641C6DB20EF26E484BA9B765FB88794F944031EE4D87798DF3CD445D720
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • __C_specific_handler.LIBVCRUNTIME ref: 00007FF744A178F8
                                                                                                                                                                              • Part of subcall function 00007FF744A06AA8: __except_validate_context_record.LIBVCRUNTIME ref: 00007FF744A06AD3
                                                                                                                                                                              • Part of subcall function 00007FF744A06AA8: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FF744A06B68
                                                                                                                                                                              • Part of subcall function 00007FF744A06AA8: RtlUnwindEx.KERNEL32 ref: 00007FF744A06BB7
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: C_specific_handlerCurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                            • String ID: csm$f
                                                                                                                                                                            • API String ID: 3112662972-629598281
                                                                                                                                                                            • Opcode ID: 75fe812e090a62ea16aaf9a07a0bae683ccfdb612d7947684b0b506522d6098b
                                                                                                                                                                            • Instruction ID: 739126de976d40fad661f7c99ec773165e116ecdeddc27edbb5fe3e290ee03cc
                                                                                                                                                                            • Opcode Fuzzy Hash: 75fe812e090a62ea16aaf9a07a0bae683ccfdb612d7947684b0b506522d6098b
                                                                                                                                                                            • Instruction Fuzzy Hash: FDF0A725B0C242C0EB503F32A0C46BCAAB0BF45754F689434DE5C0738ACE3CD4A09634
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF744A060BE), ref: 00007FF744A07C40
                                                                                                                                                                            • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF744A060BE), ref: 00007FF744A07C86
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.1680034680.00007FF744A01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF744A00000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.1680013081.00007FF744A00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680058258.00007FF744A19000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680083046.00007FF744A29000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000004.00000002.1680100665.00007FF744A2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff744a00000_BraveUpdateComRegisterShell64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                            • String ID: csm
                                                                                                                                                                            • API String ID: 2573137834-1018135373
                                                                                                                                                                            • Opcode ID: 03777b1816255e2506ae4b714f773a70b19ae6a9c3f00a805364dd9ab622737b
                                                                                                                                                                            • Instruction ID: 8bce6d8160cfbc1c8e8b652a3c4b46b917db5f8af398e2b3be00e8efa0c75cd9
                                                                                                                                                                            • Opcode Fuzzy Hash: 03777b1816255e2506ae4b714f773a70b19ae6a9c3f00a805364dd9ab622737b
                                                                                                                                                                            • Instruction Fuzzy Hash: 8611823660CB41C2EB10AF26E484659B7E5FB88B94FA84234EE8C07758DF3CD551C720
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00C71000: GetModuleHandleW.KERNEL32(kernel32.dll,SetDefaultDllDirectories,00C7116C), ref: 00C7100A
                                                                                                                                                                              • Part of subcall function 00C71000: GetProcAddress.KERNEL32(00000000), ref: 00C71011
                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000207), ref: 00C7119B
                                                                                                                                                                            • PathRemoveFileSpecW.SHLWAPI(?), ref: 00C711BE
                                                                                                                                                                            • PathRemoveFileSpecW.SHLWAPI(?), ref: 00C711D8
                                                                                                                                                                            • PathAppendW.SHLWAPI(?,BraveUpdate.exe), ref: 00C711E6
                                                                                                                                                                            • CreateProcessW.KERNELBASE(00000000,00000022,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00C71253
                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00C7126A
                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00C71272
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 0000000E.00000002.1748984344.0000000000C71000.00000020.00000001.01000000.00000011.sdmp, Offset: 00C70000, based on PE: true
                                                                                                                                                                            • Associated: 0000000E.00000002.1748961804.0000000000C70000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749004785.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749024366.0000000000C84000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749041792.0000000000C86000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_14_2_c70000_BraveUpdateOnDemand.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FileHandlePath$CloseModuleRemoveSpec$AddressAppendCreateNameProcProcess
                                                                                                                                                                            • String ID: "$" /ondemand $BraveUpdate.exe$D
                                                                                                                                                                            • API String ID: 1697256010-3473998726
                                                                                                                                                                            • Opcode ID: 7224b988da63514cfbb8d8a671d95df340406d8509bdd4da699f6f7a8fded200
                                                                                                                                                                            • Instruction ID: 603b274f01e61b92f70533bca90121de0068ed10583f48ae3a7af091bf771d46
                                                                                                                                                                            • Opcode Fuzzy Hash: 7224b988da63514cfbb8d8a671d95df340406d8509bdd4da699f6f7a8fded200
                                                                                                                                                                            • Instruction Fuzzy Hash: 4C3173F290021CAADF209B74DC4AFDF77BCAB09344F4485A5AB0DE2142DA749A849A65
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 23 c77f35-c77f41 24 c77fd3-c77fd6 23->24 25 c77f46-c77f57 24->25 26 c77fdc 24->26 28 c77f64-c77f7d LoadLibraryExW 25->28 29 c77f59-c77f5c 25->29 27 c77fde-c77fe2 26->27 30 c77fe3-c77ff3 28->30 31 c77f7f-c77f88 GetLastError 28->31 32 c77f62 29->32 33 c77ffc-c77ffe 29->33 30->33 36 c77ff5-c77ff6 FreeLibrary 30->36 34 c77fc1-c77fce 31->34 35 c77f8a-c77f9c call c75708 31->35 37 c77fd0 32->37 33->27 34->37 35->34 40 c77f9e-c77fb0 call c75708 35->40 36->33 37->24 40->34 43 c77fb2-c77fbf LoadLibraryExW 40->43 43->30 43->34
                                                                                                                                                                            APIs
                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00C78042,00C788AA,?,00000000,00000000,00000000,?,00C7819C,00000021,FlsSetValue,00C8000C,00C80014,00000000), ref: 00C77FF6
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 0000000E.00000002.1748984344.0000000000C71000.00000020.00000001.01000000.00000011.sdmp, Offset: 00C70000, based on PE: true
                                                                                                                                                                            • Associated: 0000000E.00000002.1748961804.0000000000C70000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749004785.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749024366.0000000000C84000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749041792.0000000000C86000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_14_2_c70000_BraveUpdateOnDemand.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                            • API String ID: 3664257935-537541572
                                                                                                                                                                            • Opcode ID: 9646fafb26be196ba6f82d546f4d0be3a718fce304546ff785a537e69fd4a52c
                                                                                                                                                                            • Instruction ID: 787a16e6477375ea0bbc4fca04fa132d7a01ae5bdd7014bc79adbbca9846c60d
                                                                                                                                                                            • Opcode Fuzzy Hash: 9646fafb26be196ba6f82d546f4d0be3a718fce304546ff785a537e69fd4a52c
                                                                                                                                                                            • Instruction Fuzzy Hash: 0E212B72A08618E7DB219BB1AD81B5E3758DF05770F118360E92DA7280DBB0EE00C6D0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00C74D34,?,00C74C1B,00000000,?,?,00C74D34,85CEDA66,?,00C74D34), ref: 00C74C32
                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00C74C1B,00000000,?,?,00C74D34,85CEDA66,?,00C74D34), ref: 00C74C39
                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00C74C4B
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 0000000E.00000002.1748984344.0000000000C71000.00000020.00000001.01000000.00000011.sdmp, Offset: 00C70000, based on PE: true
                                                                                                                                                                            • Associated: 0000000E.00000002.1748961804.0000000000C70000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749004785.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749024366.0000000000C84000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749041792.0000000000C86000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_14_2_c70000_BraveUpdateOnDemand.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                            • Opcode ID: fad6b8eb465666c6ad20e534f55928ab95a564f055f5d8c27bca413cdf6ae834
                                                                                                                                                                            • Instruction ID: 7cd2d4c12684904bdc9ec12111f967f75b377ec5248cc4249025ad3e8f75599d
                                                                                                                                                                            • Opcode Fuzzy Hash: fad6b8eb465666c6ad20e534f55928ab95a564f055f5d8c27bca413cdf6ae834
                                                                                                                                                                            • Instruction Fuzzy Hash: DBD09E32001108AFDF062F60DE0DB5D3F2ABF453417148450B91D4A031CBB59991EA50
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            [Control-flow graph image not reproduced. First block: c78000-c78028. Labelled calls: c77f35, GetProcAddress, c743c3.]
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 0000000E.00000002.1748984344.0000000000C71000.00000020.00000001.01000000.00000011.sdmp, Offset: 00C70000, based on PE: true
                                                                                                                                                                            • Associated: 0000000E.00000002.1748961804.0000000000C70000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749004785.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749024366.0000000000C84000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749041792.0000000000C86000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_14_2_c70000_BraveUpdateOnDemand.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 08742c17b02a6beda8ba9909ac272fd5ed6fe92f34a60a60fb3f45c08c087156
                                                                                                                                                                            • Instruction ID: ac319df8a28ec798e0756e82563e80680ed293c4de007d98590dc8d14ef2c15c
                                                                                                                                                                            • Opcode Fuzzy Hash: 08742c17b02a6beda8ba9909ac272fd5ed6fe92f34a60a60fb3f45c08c087156
                                                                                                                                                                            • Instruction Fuzzy Hash: 5001B1377502125F9F2A8E7AEC48A5E37D6ABC4360725C120FB1CCB199EF31D949A790
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00C7185C
                                                                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 00C71928
                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00C71948
                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 00C71952
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 0000000E.00000002.1748984344.0000000000C71000.00000020.00000001.01000000.00000011.sdmp, Offset: 00C70000, based on PE: true
                                                                                                                                                                            • Associated: 0000000E.00000002.1748961804.0000000000C70000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749004785.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749024366.0000000000C84000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749041792.0000000000C86000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_14_2_c70000_BraveUpdateOnDemand.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 254469556-0
                                                                                                                                                                            • Opcode ID: 460be35e1e540cde8a73757491f2161a0b255a253dd54cc212a7c22c7a81e750
                                                                                                                                                                            • Instruction ID: a253396e190e55dab54d55fa676fe7020a131c7fb1c3036a9b177a71233ff539
                                                                                                                                                                            • Opcode Fuzzy Hash: 460be35e1e540cde8a73757491f2161a0b255a253dd54cc212a7c22c7a81e750
                                                                                                                                                                            • Instruction Fuzzy Hash: AB3118B5D01318DBDB20DFA4D9897CCBBB8AF08340F1040EAE90DAB250EB705B859F55
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 172 c7341b-c73446 call c73fd9 175 c737bf-c737c4 call c7548a 172->175 176 c7344c-c7344f 172->176 176->175 177 c73455-c7345e 176->177 179 c73464-c73468 177->179 180 c7355b-c73561 177->180 179->180 182 c7346e-c73475 179->182 183 c73569-c73577 180->183 184 c73477-c7347e 182->184 185 c7348d-c73492 182->185 186 c7357d-c73581 183->186 187 c73728-c7372b 183->187 184->185 188 c73480-c73487 184->188 185->180 191 c73498-c734a0 call c724e3 185->191 186->187 192 c73587-c7358e 186->192 189 c7374e-c73757 call c724e3 187->189 190 c7372d-c73730 187->190 188->180 188->185 189->175 204 c73759-c7375d 189->204 190->175 193 c73736-c7374b call c737c5 190->193 191->204 209 c734a6-c734bf call c724e3 * 2 191->209 195 c735a6-c735ac 192->195 196 c73590-c73597 192->196 193->189 198 c736c4-c736c8 195->198 199 c735b2-c735d9 call c7288c 195->199 196->195 202 c73599-c735a0 196->202 206 c736d4-c736e0 198->206 207 c736ca-c736d3 call c72170 198->207 199->198 214 c735df-c735e2 199->214 202->187 202->195 206->189 212 c736e2-c736e6 206->212 207->206 209->175 230 c734c5-c734cb 209->230 216 c736f8-c73700 212->216 217 c736e8-c736f0 212->217 220 c735e5-c735fa 214->220 222 c73717-c73724 call c73e94 216->222 223 c73702-c73715 call c724e3 * 2 216->223 217->189 221 c736f2-c736f6 217->221 226 c736a5-c736b8 220->226 227 c73600-c73603 220->227 221->189 221->216 238 c73726 222->238 239 c73783-c73798 call c724e3 * 2 222->239 245 c7375e call c753ce 223->245 226->220 231 c736be-c736c1 226->231 227->226 232 c73609-c73611 227->232 235 c734f7-c734ff call c724e3 230->235 236 c734cd-c734d1 230->236 231->198 232->226 237 c73617-c7362b 232->237 255 c73563-c73566 235->255 256 c73501-c73521 call c724e3 * 2 call c73e94 235->256 236->235 241 c734d3-c734da 236->241 242 c7362e-c7363e 237->242 238->189 268 c7379d-c737ba call c72a7f call c73d94 
call c73f51 call c73d0b 239->268 269 c7379a 239->269 246 c734ee-c734f1 241->246 247 c734dc-c734e3 241->247 248 c73666-c73673 242->248 249 c73640-c73653 call c738fb 242->249 260 c73763-c7377e call c72170 call c73aa6 call c74086 245->260 246->175 246->235 247->246 253 c734e5-c734ec 247->253 248->242 258 c73675 248->258 265 c73677-c7369f call c7339b 249->265 266 c73655-c7365b 249->266 253->235 253->246 255->183 256->255 285 c73523-c73528 256->285 259 c736a2 258->259 259->226 260->239 265->259 266->249 273 c7365d-c73663 266->273 268->175 269->268 273->248 285->245 287 c7352e-c73541 call c73afb 285->287 287->260 292 c73547-c73553 287->292 292->245 293 c73559 292->293 293->287
                                                                                                                                                                            APIs
                                                                                                                                                                            • IsInExceptionSpec.LIBVCRUNTIME ref: 00C73518
                                                                                                                                                                            • type_info::operator==.LIBVCRUNTIME ref: 00C7353A
                                                                                                                                                                            • ___TypeMatch.LIBVCRUNTIME ref: 00C73649
                                                                                                                                                                            • IsInExceptionSpec.LIBVCRUNTIME ref: 00C7371B
                                                                                                                                                                            • _UnwindNestedFrames.LIBCMT ref: 00C7379F
                                                                                                                                                                            • CallUnexpected.LIBVCRUNTIME ref: 00C737BA
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 0000000E.00000002.1748984344.0000000000C71000.00000020.00000001.01000000.00000011.sdmp, Offset: 00C70000, based on PE: true
                                                                                                                                                                            • Associated: 0000000E.00000002.1748961804.0000000000C70000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749004785.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749024366.0000000000C84000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749041792.0000000000C86000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_14_2_c70000_BraveUpdateOnDemand.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                            • API String ID: 2123188842-393685449
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00C71FD7
                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 00C71FDF
                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00C72068
                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00C72093
                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00C720E8
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 0000000E.00000002.1748984344.0000000000C71000.00000020.00000001.01000000.00000011.sdmp, Offset: 00C70000, based on PE: true
                                                                                                                                                                            • Associated: 0000000E.00000002.1748961804.0000000000C70000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749004785.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749024366.0000000000C84000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749041792.0000000000C86000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_14_2_c70000_BraveUpdateOnDemand.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                            • String ID: csm
                                                                                                                                                                            • API String ID: 1170836740-1018135373
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00C724E8,00C7231C,00C71A34), ref: 00C724FF
                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00C7250D
                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00C72526
                                                                                                                                                                            • SetLastError.KERNEL32(00000000,00C724E8,00C7231C,00C71A34), ref: 00C72578
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 0000000E.00000002.1748984344.0000000000C71000.00000020.00000001.01000000.00000011.sdmp, Offset: 00C70000, based on PE: true
                                                                                                                                                                            • Associated: 0000000E.00000002.1748961804.0000000000C70000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749004785.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749024366.0000000000C84000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749041792.0000000000C86000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_14_2_c70000_BraveUpdateOnDemand.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00C72734,?,?,00C84C80,00000000,?,00C7285F,00000004,InitializeCriticalSectionEx,00C7ECBC,InitializeCriticalSectionEx,00000000), ref: 00C72703
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 0000000E.00000002.1748984344.0000000000C71000.00000020.00000001.01000000.00000011.sdmp, Offset: 00C70000, based on PE: true
                                                                                                                                                                            • Associated: 0000000E.00000002.1748961804.0000000000C70000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749004785.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749024366.0000000000C84000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749041792.0000000000C86000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_14_2_c70000_BraveUpdateOnDemand.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                            • API String ID: 3664257935-2084034818
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,85CEDA66,?,?,00000000,00C7D10F,000000FF,?,00C74C47,00C74D34,?,00C74C1B,00000000), ref: 00C74CA9
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00C74CBB
                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000,00C7D10F,000000FF,?,00C74C47,00C74D34,?,00C74C1B,00000000), ref: 00C74CDD
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 0000000E.00000002.1748984344.0000000000C71000.00000020.00000001.01000000.00000011.sdmp, Offset: 00C70000, based on PE: true
                                                                                                                                                                            • Associated: 0000000E.00000002.1748961804.0000000000C70000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749004785.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749024366.0000000000C84000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749041792.0000000000C86000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_14_2_c70000_BraveUpdateOnDemand.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00C797A7
                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00C79868
                                                                                                                                                                            • __freea.LIBCMT ref: 00C798CF
                                                                                                                                                                              • Part of subcall function 00C779A2: HeapAlloc.KERNEL32(00000000,00C76B72,00C788AA,?,00C76B72,00000220,?,?,00C788AA), ref: 00C779D4
                                                                                                                                                                            • __freea.LIBCMT ref: 00C798E4
                                                                                                                                                                            • __freea.LIBCMT ref: 00C798F4
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 0000000E.00000002.1748984344.0000000000C71000.00000020.00000001.01000000.00000011.sdmp, Offset: 00C70000, based on PE: true
                                                                                                                                                                            • Associated: 0000000E.00000002.1748961804.0000000000C70000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749004785.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749024366.0000000000C84000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749041792.0000000000C86000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_14_2_c70000_BraveUpdateOnDemand.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1096550386-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,SetDefaultDllDirectories,00C7116C), ref: 00C7100A
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 00C71011
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 0000000E.00000002.1748984344.0000000000C71000.00000020.00000001.01000000.00000011.sdmp, Offset: 00C70000, based on PE: true
                                                                                                                                                                            • Associated: 0000000E.00000002.1748961804.0000000000C70000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749004785.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749024366.0000000000C84000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749041792.0000000000C86000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_14_2_c70000_BraveUpdateOnDemand.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                                                                            • String ID: SetDefaultDllDirectories$kernel32.dll
                                                                                                                                                                            • API String ID: 1646373207-2102062458
                                                                                                                                                                            • Opcode ID: cc69d98902147e9aee6f0ecf7c46c8392f0be4f9e9aadfcfce5c6f628bd27ab2
                                                                                                                                                                            • Instruction ID: df208b8048157f6d03796c224e1898c5dfc68597695c51070c13d81a9a8faf29
                                                                                                                                                                            • Opcode Fuzzy Hash: cc69d98902147e9aee6f0ecf7c46c8392f0be4f9e9aadfcfce5c6f628bd27ab2
                                                                                                                                                                            • Instruction Fuzzy Hash: 41C0123234070153DF2057B00D0B70D12886A497C5F08C4E0691DD80E1DDB4C4447523
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetConsoleOutputCP.KERNEL32(85CEDA66,?,00000000,?), ref: 00C79C4F
                                                                                                                                                                              • Part of subcall function 00C7708E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00C798C5,?,00000000,-00000008), ref: 00C7713A
                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00C79EAA
                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00C79EF2
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C79F95
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 0000000E.00000002.1748984344.0000000000C71000.00000020.00000001.01000000.00000011.sdmp, Offset: 00C70000, based on PE: true
                                                                                                                                                                            • Associated: 0000000E.00000002.1748961804.0000000000C70000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749004785.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749024366.0000000000C84000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749041792.0000000000C86000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_14_2_c70000_BraveUpdateOnDemand.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2112829910-0
                                                                                                                                                                            • Opcode ID: 579fac1179dffd764eba3c9b14ec3722c8c611c8ae369e4750fe31c49481251e
                                                                                                                                                                            • Instruction ID: 6fd42272ca6d705edcf1cadd96b68dd40f5be1263bd1719954f61fcb683bfbac
                                                                                                                                                                            • Opcode Fuzzy Hash: 579fac1179dffd764eba3c9b14ec3722c8c611c8ae369e4750fe31c49481251e
                                                                                                                                                                            • Instruction Fuzzy Hash: 90D16A75D042489FCF15CFE8D880AADBBB5FF48310F28856AE86AEB351D730A941CB50
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 0000000E.00000002.1748984344.0000000000C71000.00000020.00000001.01000000.00000011.sdmp, Offset: 00C70000, based on PE: true
                                                                                                                                                                            • Associated: 0000000E.00000002.1748961804.0000000000C70000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749004785.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749024366.0000000000C84000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749041792.0000000000C86000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_14_2_c70000_BraveUpdateOnDemand.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AdjustPointer
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1740715915-0
                                                                                                                                                                            • Opcode ID: b2526a57763ee547a201bac2a46d54bbacf556e0ab6cb21c03f11e898b7b5c17
                                                                                                                                                                            • Instruction ID: fc8b87d83a5a1e3698f38a0b47e675b9f95b5221c42f84868aebe83513368481
                                                                                                                                                                            • Opcode Fuzzy Hash: b2526a57763ee547a201bac2a46d54bbacf556e0ab6cb21c03f11e898b7b5c17
                                                                                                                                                                            • Instruction Fuzzy Hash: 4E51D272601682AFDB298F51C842B7A77A4EF04310F14C52DE859572A3E731EF41FB90
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,00C7AB66,?,00000001,?,?,?,00C79FE9,?,?,00000000), ref: 00C7B3BD
                                                                                                                                                                            • GetLastError.KERNEL32(?,00C7AB66,?,00000001,?,?,?,00C79FE9,?,?,00000000,?,?,?,00C7A570,?), ref: 00C7B3C9
                                                                                                                                                                              • Part of subcall function 00C7B38F: CloseHandle.KERNEL32(FFFFFFFE,00C7B3D9,?,00C7AB66,?,00000001,?,?,?,00C79FE9,?,?,00000000,?,?), ref: 00C7B39F
                                                                                                                                                                            • ___initconout.LIBCMT ref: 00C7B3D9
                                                                                                                                                                              • Part of subcall function 00C7B351: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00C7B380,00C7AB53,?,?,00C79FE9,?,?,00000000,?), ref: 00C7B364
                                                                                                                                                                            • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,00C7AB66,?,00000001,?,?,?,00C79FE9,?,?,00000000,?), ref: 00C7B3EE
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 0000000E.00000002.1748984344.0000000000C71000.00000020.00000001.01000000.00000011.sdmp, Offset: 00C70000, based on PE: true
                                                                                                                                                                            • Associated: 0000000E.00000002.1748961804.0000000000C70000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749004785.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749024366.0000000000C84000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749041792.0000000000C86000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_14_2_c70000_BraveUpdateOnDemand.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2744216297-0
                                                                                                                                                                            • Opcode ID: 29d1ae35e44cc83a4e4f262e965c5451488df3cf850730db8f04272d19beb3f1
                                                                                                                                                                            • Instruction ID: ea5e6708f36bdde563701a547dfad322b1597465479375792c42df8e15f17328
                                                                                                                                                                            • Opcode Fuzzy Hash: 29d1ae35e44cc83a4e4f262e965c5451488df3cf850730db8f04272d19beb3f1
                                                                                                                                                                            • Instruction Fuzzy Hash: 2FF0A237500155BBCF222F95DC04B9E3F66EB093B1B044050FA1D95130DB71CDA0EBA5
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00C737EA
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 0000000E.00000002.1748984344.0000000000C71000.00000020.00000001.01000000.00000011.sdmp, Offset: 00C70000, based on PE: true
                                                                                                                                                                            • Associated: 0000000E.00000002.1748961804.0000000000C70000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749004785.0000000000C7E000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749024366.0000000000C84000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                            • Associated: 0000000E.00000002.1749041792.0000000000C86000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_14_2_c70000_BraveUpdateOnDemand.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: EncodePointer
                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                            • API String ID: 2118026453-2084237596
                                                                                                                                                                            • Opcode ID: c20047764736c6a8f6b42be1fea4638371140f08aed39a648e7722d004d52ed9
                                                                                                                                                                            • Instruction ID: 69abf09f0f348cf7fe15c39e8e4e035b54d646e414ac51210e87d3b9fa8e91fa
                                                                                                                                                                            • Opcode Fuzzy Hash: c20047764736c6a8f6b42be1fea4638371140f08aed39a648e7722d004d52ed9
                                                                                                                                                                            • Instruction Fuzzy Hash: C3418B72900249AFCF16CF94CC81AEE7BB5FF08300F14C05AF918A72A1D3359A51EB92
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Callgraph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            • Opacity -> Relevance
                                                                                                                                                                            • Disassembly available

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000031.00000002.2362621246.00007FF7E4981000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF7E4980000, based on PE: true
                                                                                                                                                                            • Associated: 00000031.00000002.2362343868.00007FF7E4980000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363085480.00007FF7E4985000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363253469.00007FF7E4988000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363439864.00007FF7E498A000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363439864.00007FF7E538A000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_49_2_7ff7e4980000_brave_installer-x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Heap$ByteCharMultiProcessWide$AddressEnvironmentExpandLibraryLoadProcStrings$AllocFree$BuffersFileFlushlstrlen
                                                                                                                                                                            • String ID: %SYSTEMROOT%\system32\cabinet.dll$%WINDIR%\system32\cabinet.dll$C:\Windows\system32\cabinet.dll$FDICopy$FDICreate$FDIDestroy$MZx
                                                                                                                                                                            • API String ID: 3409977574-3837671842
                                                                                                                                                                            • Opcode ID: be8b20edd14dbf0bc7b8464e5ab653c9d39fe3ab5a57a864b2ff5d75a87a05d8
                                                                                                                                                                            • Instruction ID: d44d281a9824e33d17593abb08a0e49a2be22817e52e54ee157d95b16150b2a1
                                                                                                                                                                            • Opcode Fuzzy Hash: be8b20edd14dbf0bc7b8464e5ab653c9d39fe3ab5a57a864b2ff5d75a87a05d8
                                                                                                                                                                            • Instruction Fuzzy Hash: FFC185A9A09A8381F714EF5BE8C5375A391BF8C790FC44136D94D6B6A0DF3CE5498322
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000031.00000002.2362621246.00007FF7E4981000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF7E4980000, based on PE: true
                                                                                                                                                                            • Associated: 00000031.00000002.2362343868.00007FF7E4980000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363085480.00007FF7E4985000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363253469.00007FF7E4988000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363439864.00007FF7E498A000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363439864.00007FF7E538A000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_49_2_7ff7e4980000_brave_installer-x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: lstrcmpi$ArgvCommandEnvironmentLineVariable
                                                                                                                                                                            • String ID: --chrome-beta$--chrome-dev$--chrome-frame$--chrome-sxs$--cleanup$--system-level$BraveSoftwareUpdateIsMachine${103BD053-949B-43A8-9120-2E424887DE11}${C6CB981E-DB30-4876-8639-109F8933582C}${CB2150F2-595F-4633-891A-E39720CE0531}
                                                                                                                                                                            • API String ID: 310715562-1446311126
                                                                                                                                                                            • Opcode ID: 53ad3257636432027177a422d5388deec34048ab42b9b14594bb3d1845c2475f
                                                                                                                                                                            • Instruction ID: a3f6495a73d66c2442841ed0213b9d1b8c30ff375a095830c451e85743cf8c96
                                                                                                                                                                            • Opcode Fuzzy Hash: 53ad3257636432027177a422d5388deec34048ab42b9b14594bb3d1845c2475f
                                                                                                                                                                            • Instruction Fuzzy Hash: F34162AAA08647D4EB51EF1BE881379A7A4AB4C7D4FC44433C94D9B360DE7CE545C322
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000031.00000002.2362621246.00007FF7E4981000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF7E4980000, based on PE: true
                                                                                                                                                                            • Associated: 00000031.00000002.2362343868.00007FF7E4980000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363085480.00007FF7E4985000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363253469.00007FF7E4988000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363439864.00007FF7E498A000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363439864.00007FF7E538A000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_49_2_7ff7e4980000_brave_installer-x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Handle$File$CloseInformation$CreateErrorLast$Sleep
                                                                                                                                                                            • String ID: MZx
                                                                                                                                                                            • API String ID: 1461999944-2575928145
                                                                                                                                                                            • Opcode ID: fae700a5440509070e2741754b0b6822c2ebe808603f7c74cfe8dde0de059789
                                                                                                                                                                            • Instruction ID: 69fd8f43df90bed6d9afe165da244b0a76c5e5afe6aa9a541215d544eb6e9086
                                                                                                                                                                            • Opcode Fuzzy Hash: fae700a5440509070e2741754b0b6822c2ebe808603f7c74cfe8dde0de059789
                                                                                                                                                                            • Instruction Fuzzy Hash: 3C4133A5A0818345F764AF2FE885736A290BF8C7A4F984232ED5D6B3D4EF3CE5458311
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000031.00000002.2362621246.00007FF7E4981000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF7E4980000, based on PE: true
                                                                                                                                                                            • Associated: 00000031.00000002.2362343868.00007FF7E4980000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363085480.00007FF7E4985000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363253469.00007FF7E4988000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363439864.00007FF7E498A000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363439864.00007FF7E538A000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_49_2_7ff7e4980000_brave_installer-x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Resource$CommandFindFreeLineLoadLocalLockSizeof
                                                                                                                                                                            • String ID: ChromeInstallerCleanup$MZx$Software\Microsoft\Windows\CurrentVersion\Uninstall\Brave${AFE6A462-C574-4B8A-AF43-4CC60DF4563B}
                                                                                                                                                                            • API String ID: 1366880580-2760568576
                                                                                                                                                                            • Opcode ID: eec448ab9775e991f69a745d0fca1f1602de0c784bc08e832daaece25ca3a26a
                                                                                                                                                                            • Instruction ID: bdd5d0d3fc5a64784babfb5b6d223383cbc78ebf342678f3726c4f886e3e9669
                                                                                                                                                                            • Opcode Fuzzy Hash: eec448ab9775e991f69a745d0fca1f1602de0c784bc08e832daaece25ca3a26a
                                                                                                                                                                            • Instruction Fuzzy Hash: 6621967560674381EE20AF17AC857AAA3E0AF49F90F848136CE4D5B781DF3DE145C311
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,MZx,?,?,?,?,?,00007FF7E4983447), ref: 00007FF7E4982498
                                                                                                                                                                              • Part of subcall function 00007FF7E4981CC0: EnumResourceNamesW.KERNEL32 ref: 00007FF7E4981CD7
                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,MZx,?,?,?,?,?,00007FF7E4983447), ref: 00007FF7E4982620
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000031.00000002.2362621246.00007FF7E4981000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF7E4980000, based on PE: true
                                                                                                                                                                            • Associated: 00000031.00000002.2362343868.00007FF7E4980000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363085480.00007FF7E4985000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363253469.00007FF7E4988000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363439864.00007FF7E498A000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363439864.00007FF7E538A000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_49_2_7ff7e4980000_brave_installer-x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast$EnumNamesResource
                                                                                                                                                                            • String ID: " --$MZx$new-setup-exe$setup.exe$update-setup-exe$x$y
                                                                                                                                                                            • API String ID: 737610517-3588629935
                                                                                                                                                                            • Opcode ID: a8a5adab8218939cd3ad64d718a65743d1ab3640c79cf4c247dbf45c9200ddad
                                                                                                                                                                            • Instruction ID: 9b15fa6909dbf8a19582043512826c84a336d5383a34b39b0aeddd590978818f
                                                                                                                                                                            • Opcode Fuzzy Hash: a8a5adab8218939cd3ad64d718a65743d1ab3640c79cf4c247dbf45c9200ddad
                                                                                                                                                                            • Instruction Fuzzy Hash: D5E15EE950C68381EB60AF1A91843F9A351EF89784FD04133DA8D6BB95DF3DE546C322
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000031.00000002.2362621246.00007FF7E4981000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF7E4980000, based on PE: true
                                                                                                                                                                            • Associated: 00000031.00000002.2362343868.00007FF7E4980000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363085480.00007FF7E4985000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363253469.00007FF7E4988000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363439864.00007FF7E498A000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363439864.00007FF7E538A000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_49_2_7ff7e4980000_brave_installer-x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CreateDirectoryErrorFreeFunction036LastLocalSystem
                                                                                                                                                                            • String ID: .tmp$CR_$MZx
                                                                                                                                                                            • API String ID: 1732257400-2866166633
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000031.00000002.2362621246.00007FF7E4981000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF7E4980000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_49_2_7ff7e4980000_brave_installer-x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseErrorHandleLastProcess$AttributesCodeCreateExitFileObjectSingleWait
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1236864362-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000031.00000002.2362621246.00007FF7E4981000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF7E4980000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_49_2_7ff7e4980000_brave_installer-x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Token$InformationLocalProcess$AllocCloseCurrentErrorFreeHandleLastOpen
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3439255530-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000031.00000002.2362621246.00007FF7E4981000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF7E4980000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_49_2_7ff7e4980000_brave_installer-x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Resource$Process$CommandCurrentErrorFileFindFreeLastLineLoadLocalLockModuleNameSizeSizeofWorking
                                                                                                                                                                            • String ID: InstallerExtraCode1
                                                                                                                                                                            • API String ID: 737911292-2381712892
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            • D:PAI(A;;FA;;;BA)(A;OIIOCI;GA;;;BA)(A;;FA;;;SY)(A;OIIOCI;GA;;;SY)(A;OIIOCI;GA;;;CO)(A;;FA;;;, xrefs: 00007FF7E49830E9
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000031.00000002.2362621246.00007FF7E4981000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF7E4980000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_49_2_7ff7e4980000_brave_installer-x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InformationProcessTokenVolume$CloseCurrentErrorFreeHandleLastLocalNameOpenPath
                                                                                                                                                                            • String ID: D:PAI(A;;FA;;;BA)(A;OIIOCI;GA;;;BA)(A;;FA;;;SY)(A;OIIOCI;GA;;;SY)(A;OIIOCI;GA;;;CO)(A;;FA;;;
                                                                                                                                                                            • API String ID: 3974508999-3878039831
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000031.00000002.2362621246.00007FF7E4981000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF7E4980000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_49_2_7ff7e4980000_brave_installer-x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorFileLast$CloseCreateHandleWrite
                                                                                                                                                                            • String ID: MZx
                                                                                                                                                                            • API String ID: 4031202350-2575928145
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000031.00000002.2362621246.00007FF7E4981000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF7E4980000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_49_2_7ff7e4980000_brave_installer-x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseOpen
                                                                                                                                                                            • String ID: MZx$Software\BraveSoftware\Update\ClientState\
                                                                                                                                                                            • API String ID: 47109696-1006479344
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            control_flow_graph 490 7ff7e4983ce0-7ff7e4983d26 lstrlenW RegSetValueExW
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000031.00000002.2362621246.00007FF7E4981000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF7E4980000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Valuelstrlen
                                                                                                                                                                            • String ID: MZx
                                                                                                                                                                            • API String ID: 799288031-2575928145
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            Control-flow Graph

[Control-flow graph 491, starting at 7ff7e4983d70; nodes call RegOpenKeyExW, RegQueryValueExW and RegCloseKey]
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000031.00000002.2362621246.00007FF7E4981000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF7E4980000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseOpenQueryValue
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3677997916-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • RegQueryValueExW.KERNELBASE(?,?,?,?,MZx,?,00007FF7E49820A6), ref: 00007FF7E4983C33
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000031.00000002.2362621246.00007FF7E4981000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF7E4980000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: QueryValue
                                                                                                                                                                            • String ID: MZx
                                                                                                                                                                            • API String ID: 3660427363-2575928145
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000031.00000002.2362621246.00007FF7E4981000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF7E4980000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExitProcess
                                                                                                                                                                            • String ID: MZx
                                                                                                                                                                            • API String ID: 621844428-2575928145
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000031.00000002.2362621246.00007FF7E4981000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF7E4980000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseCreateFileHandle
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3498533004-0
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(?,?,00000000,00007FF7E4983FBF), ref: 00007FF7E4981DD0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000031.00000002.2362621246.00007FF7E4981000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF7E4980000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ChangeCloseFindNotification
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2591292051-0
                                                                                                                                                                            • Opcode ID: 5e4e4560b8218055e5cd9b848970796ffe5649c193789c5f537aee99201477c3
                                                                                                                                                                            • Instruction ID: 0551b21d3337e0cd613cfbd87ea89c8e1f702454e630263cc97045e525291810
                                                                                                                                                                            • Opcode Fuzzy Hash: 5e4e4560b8218055e5cd9b848970796ffe5649c193789c5f537aee99201477c3
                                                                                                                                                                            • Instruction Fuzzy Hash: 2ED0A77690498682D3246F6AF4C82B47210FF29734F544330D6BD1A3E0DFB814C34301
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000031.00000002.2362621246.00007FF7E4981000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF7E4980000, based on PE: true
                                                                                                                                                                            • Associated: 00000031.00000002.2362343868.00007FF7E4980000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363085480.00007FF7E4985000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363253469.00007FF7E4988000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363439864.00007FF7E498A000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            • Associated: 00000031.00000002.2363439864.00007FF7E538A000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_49_2_7ff7e4980000_brave_installer-x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Value
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                            • Opcode ID: 8d47ce4adae051e16bff91fc4dcb9f69c1f9e74ce06b048ac4fc986741e11445
                                                                                                                                                                            • Instruction ID: 6ef409bf00b7f470a63fc0f6de1c4c33b479258a84ebb27e22425b513a38d241
                                                                                                                                                                            • Opcode Fuzzy Hash: 8d47ce4adae051e16bff91fc4dcb9f69c1f9e74ce06b048ac4fc986741e11445
                                                                                                                                                                            • Instruction Fuzzy Hash: AAD0A776614A80C6D3609F15E84570D77A0F398B84FD05010EB4C03B20CF3CC215CF04
                                                                                                                                                                            Uniqueness

                                                                                                                                                                            Uniqueness Score: -1.00%